Risk and Compliance Analyst II

Risk & Compliance Analyst II

The Risk & Compliance Analyst II brings subject matter expertise to the Firm's risk and compliance management programs, partnering with legal support, operations, and technology teams to ensure compliance with Firm policies and client outside counsel guidelines. This includes implementing tools and processes related to internal controls, information governance, risk management, and both client and regulatory compliance. The Risk & Compliance Analyst II also assists with key governance functions, including outside counsel guideline and audit letter reviews. This position is part of the Information Security and Governance (ISG) department and has significant interactions with partners, clients, and other departments within the Firm.

Job Functions & Responsibilities

• Maintain a balanced risk management and compliance control framework, working with key stakeholders in alignment with Firm and client standards
• Review Firm policies, procedures, and standards, partnering with Human Resources and other stakeholders to ensure compliance with client outside counsel guidelines
• Facilitate and document client security assessments and other client requests, including internal and client communications, meetings, deadlines, research, responses, and remediation requests
• Analyze client security assessment results and recommend improvements to business processes, administrative, and technical controls
• Collect vendor information from vendor owners, research tools, and public resources, ensuring the vendor database is up-to-date
• Maintain vendor management tools used to track the vendor management lifecycle, security risk assessments, business risk assessments, and contract reviews
• Conduct security and business risk assessments of third party vendors, tracking remediation requests in accordance with the vendor risk program and policies
• Review contracts for low risk third party vendors in accordance with the vendor management program, partnering with vendor owners and contract review attorneys
• Review and develop scenarios for the Firm's risk register
• Partner with appropriate business units to ensure appropriate operational, technical, and data privacy controls are implemented and enforced
• Document internal controls and map to Firm and client compliance standards (e.g., ISO 27001, SOC 2, NIST, Center for Internet Security Top 18)
• Analyze compliance gaps and recommend improvements to business processes, administrative, and technical controls
• Respond to Data Subject Request (DSR) inquiries related to GDPR, CCPA, or other privacy laws
• Document, investigate, and report compliance issues and incidents, where necessary
• Collect, analyze, and prepare reports required for senior management, auditors, and other relevant stakeholders
• Assist with the outside counsel guideline review process (e.g., drafting responses, tracking deadlines, liaise with risk partners for review and approval)
• Assist with the audit letter review process (e.g., drafting letters, tracking deadlines, liaise with the Audit Committee for review and approval)
• Other duties as assigned

Tools

Minimum Job Qualifications

Physical Demands

Writing, typing, reading, speaking, hearing, seeing, sitting, bending, reaching, lifting up to 25 lbs.

Working Conditions

Quiet office environment in a high-rise building, seated the majority of the time.

Direct Reports

None

Competencies

The Risk & Compliance Analyst II role is an amazing opportunity available on our team of professionals at Munger, Tolles & Olson, LLP! We offer competitive pay, benefits and an opportunity to make an impact in today's world.