Paul Hastings is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. With a strong presence throughout Asia, Europe, Latin America, and the U.S., we have the global reach and extensive capabilities to provide personalized service wherever our clients' needs take us. As one of the world's leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.

We have an opening for a Senior Governance, Risk and Compliance (GRC) Analyst. The Senior GRC Analyst will join the InfoSec team to assist in executing the GRC function, which includes Third Party Risk Management (TPRM), Client Compliance and IT Risk Management. This includes facilitating activities across the GRC lifecycle to identify and address risks related to TPRM, Client Compliance, and IT Risk, and requires a proven ability to support due diligence, ongoing risk assessments and monitoring across functional areas.

The Senior GRC Analyst will be responsible for coordinating GRC efforts, including the review of the cybersecurity controls of third-party vendors and of vendor hardware, software, and services, in alignment with the organization's current IT risk management standards. In this capacity, the Senior GRC Analyst will:
- Work closely with the TPRM Manager in the key phases of the Third-Party Risk Management lifecycle, from pre-onboarding to offboarding of vendor relationships;
- Assist in facilitating third party risk assessments for initial due diligence and ongoing evaluation of third party vendor services to identify potential privacy and security related risks;
- Manage distribution and assist in the review of required vendor cyber risk documents, such as third-party risk assessment questionnaires (e.g., SIG), audited reports on controls (e.g., SSAE 18, SOC 2 Type II), vendor security policies and other information, to support the identification and evaluation of potential outsourcing risks;
- Demonstrate a general understanding of industry standards (such as NIST CSF) and the regulatory landscape (such as GDPR) to assist in providing comprehensive assessments across the GRC domains;
- Work with third parties and internal stakeholders to identify, track and report identified issues and risk remediation efforts;
- Assist in executing GRC methodologies and provide training/guidance to Procurement, Departments and Key Stakeholders;
- Coordinate across the InfoSec team to evaluate the vendor's security controls and identify associated risks;
- Support the risk reporting and key metrics process;
- Work with Contracts Administration/Procurement to support contractual reviews for new and existing vendors;
- Support Client Compliance efforts, including assessment completion, webshare support, and coordination with clients and client stakeholders;
- Contribute to the continuous improvement, including automation where possible, of all aspects of the GRC program;
- Stay informed about the latest developments in the vendor risk management field and other GRC domains; and
- Support various ad hoc projects across the GRC team (e.g., program enhancements, process improvements, and other functions).
Proficiencies:
- Elevated knowledge in the GRC domains of TPRM, Compliance and Risk Management;
- General knowledge of privacy and information security frameworks (e.g., NIST, ISO, etc.) and relevant regulatory requirements (e.g., GDPR, CCPA, etc.);
- Expertise on GRC trends and research to address potential security exposures;
- General understanding of GRC frameworks and principles;
- Strong written and verbal communication skills; and
- Knowledge of supplier resiliency requirements.
Qualifications:
- 5+ years of experience in GRC or related experience; and
- Experience working with Big 4 consulting, financial or other heavily regulated industries.
Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability. Eligible employees can participate in the Firm's comprehensive benefits program, which includes the following:
- Medical, Dental, Vision, Life/AD&D, Long Term Care, and Short- and Long-Term Disability
- Flexible Spending Account and Health Savings Account
- Healthcare Concierge and Advocacy
- Lifestyle Spending Account
- Voluntary 401(k) Plan and Profit Sharing
- 10 Paid Holidays per year and a generous PTO Program
- Family Support including Paid Parental Leave, Fertility Benefits, Breast Milk Shipping, Back-up Child Care, Elder Care, and Tutoring
- Wellbeing programs (Employee Assistance Program, Relationship Support, Mental Health and Well-Being Events)
- Retirement Plan Consulting
- Anniversary Bonus Program
- Professional Development Programs
- Transportation and Commuter Benefits
- International Travel Insurance
- Auto/Home/Pet Insurance
- Prepaid Legal Insurance
- Employee Discounts
- And More!
The Firm has a range of diversity initiatives including our Paul Hastings Affinity Networks (PHANs), Women's Initiative, and PH Balanced. These initiatives provide a firmwide forum to share experiences, as well as an opportunity to participate in a supportive network with common interests to help make life at the firm more inclusive. Learn more about our Global Diversity, Inclusion and Wellness Initiatives here. Paul Hastings LLP is an equal employment and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.