Security Governance, Risk, Compliance Analyst (On-site)

Industry: Professional Services

Job Family: Ethics & Compliance

02 Feb 2023

London

Full Time

United Kingdom

The Security Governance, Risk, Compliance (GRC) Analyst will be responsible for supporting the daily activities of the GRC function within A&M’s Global Security Office. This role will focus on supporting client questionnaires and audit requests, performing third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk. The GRC Analyst requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm. The GRC Analyst will support cybersecurity-related initiatives as required.

Responsibilities

Respond to client security questionnaires, RFPs/RFIs, and audit requests. Coordinate responses by working with internal stakeholders across disciplines. Maintain a knowledge database.

Execute the firm’s Heightened Security Process which entails working with business stakeholders globally to ensure appropriate security measures are in place at the engagement level.

Perform third-party security vendor diligence. Liaise with business and external stakeholders to perform assessments and identify risk, whilst maintaining monitoring activities of existing vendors.

Respond to and maintain the GRC service queue for tickets escalated to the team in coordination with the relevant stakeholders.

Participate in and execute governance activities, including metrics gathering and reporting, and the performance of recurring internal assessment activities.

Support activities pertaining to risk management: execution of the risk strategy, inclusive of identification, tracking, and participation in treatment activities.

Qualifications

A couple of years' experience in security governance, risk, and compliance or a related field.

Strong experience responding to client/customer security inquiries.

Broad and solid understanding of cyber security concepts and risks.

Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.

Working knowledge of common audit and compliance tools. Experience with a GRC tool is a plus.

Demonstrable knowledge in the assessment of third-party suppliers.

Strong analytical thinking, written, and oral communication skills.

Ability to drive responsibilities independently, while serving as a valued team member in the greater context.

Education:

Bachelor’s degree – preferably in Information Security, Computer Science or related area.

Industry recognized certification in security (e.g., CISSP, CISA, CISM, CRISC, ISO27001).

Diversity & Inclusion

A&M’s entrepreneurial culture celebrates independent thinkers and doers who can positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M’s core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are the main reasons our people love working at A&M. Inclusive Diversity means we embrace diversity and we foster inclusiveness. It runs through how we recruit, develop employees, conduct business, support clients, and partner with vendors. It is the A&M way.

Voluntary Inclusion

It is Alvarez & Marsal’s policy to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, sex, sexual orientation, gender identity, family medical history or genetic information, political affiliation, military service, pregnancy, marital status, family status, religion, national origin, age or disability or any other non-merit based factor in accordance with all applicable laws and regulations.

Unsolicited Resumes from Third-Party Recruiters

Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.