Munger, Tolles & Olson

Risk and Compliance Analyst II

Munger, Tolles & Olson, San Francisco, California, United States, 94199

Overview

Risk & Compliance Analyst II: Full Time, Non-exempt, Offsite (in-office based on business needs). Must be within commutable distance to the office.

Locations: Los Angeles, CA or San Francisco, CA or Washington, D.C.

Residency Requirements: For the Washington, D.C. office, residency within Washington, D.C., Maryland, or Virginia and within a reasonable commutable distance to the assigned office is required depending on the firm’s discretion and the role. For Los Angeles and San Francisco offices, residency within California and within a reasonable commutable distance to the assigned office is required depending on the firm’s discretion and the nature of the role.

Salary Range (subject to verification):

- Los Angeles and Washington, D.C.: $44.67/hour - $57.70/hour ($92,913.60 - $120,016.00 annually).
- San Francisco: $49.04/hour - $63.47/hour ($102,003.20 - $132,017.60 annually).

The posted range is part of the total rewards package and does not guarantee wage.

Responsibilities

- Maintain a balanced risk management and compliance control framework, working with key stakeholders in alignment with Firm and client standards.
- Review Firm policies, procedures, and standards; partner with Human Resources and other stakeholders to ensure compliance with client outside counsel guidelines.
- Facilitate and document client security assessments and other client requests, including internal and client communications, meetings, deadlines, research, responses, and remediation requests.
- Analyze client security assessment results and recommend improvements to business processes and controls (administrative and technical).
- Collect vendor information from vendor owners, research tools, and public resources; keep the vendor database up-to-date.
- Maintain vendor management tools used to track vendor management lifecycle, security risk assessments, and contract reviews.
- Conduct security and business risk assessments of third-party vendors; track remediation requests per the vendor risk program and policies.
- Review contracts for low-risk third-party vendors in accordance with the vendor management program; partner with vendor owners and contract review attorneys.
- Review and develop scenarios for the Firm’s risk register.
- Partner with appropriate business units to implement and enforce operational, technical, and data privacy controls.
- Document internal controls and map to Firm and client compliance standards (e.g., ISO 27001, SOC 2, NIST, CIS Top 18).
- Analyze compliance gaps and recommend improvements to processes and controls.
- Respond to Data Subject Request inquiries related to GDPR, CCPA, or other privacy laws.
- Document, investigate, and report compliance issues and incidents when necessary.
- Collect, analyze, and prepare reports for senior management, auditors, and other stakeholders.
- Assist with outside counsel guideline reviews (e.g., drafting responses, tracking deadlines, liaising with risk partners).
- Assist with audit letter review processes (e.g., drafting letters, tracking deadlines, liaising with Audit Committee).
- Other duties as assigned.

Tools

- Proficiency with Microsoft Office Word, Excel, and PowerPoint is desired.
- Proficiency with GRC tools (RSA Archer, LogicManager, KnowBe4 Compliance Manager) is desired.
- Proficiency with vendor risk tools (Third Party Trust, Argos Risk, BitSight, RiskRecon) is desired.
- Familiarity with Microsoft 365 (SharePoint, Teams, OneDrive) and document management systems is desired.
- Familiarity with project management and agile collaboration tools is desired.

Minimum Job Qualifications

- Bachelor's degree preferred, or 5+ years of combined experience in information security, GRC, BCP/DR, or risk management with at least 3 years in governance, risk, or compliance programs.
- High school diploma or GED required.
- Certified Information Security Auditor (CISA), CRISC, or other relevant training/certifications are highly recommended.
- Excellent attention to detail, critical thinking, and analytical skills.
- Ability to work proactively in a fast-paced environment and interact professionally.
- Strong customer service dedication.
- Effective written and verbal communication skills.
- Ability to follow directions and collaborate with a team.
- Understanding of project management principles and methodologies.

Physical Demands

Writing, typing, reading, speaking, hearing, seeing, sitting, bending, reaching, lifting up to 25 lbs.

Working Conditions

Quiet office environment in a high-rise building; seated most of the time.

Direct Reports

None

Competencies

Teamwork and Cooperation: Treats others with respect; works well with others; asks for help when necessary; shares credit; avoids blame; assists others when possible; empathetic.

Communication: Communicates clearly with adequate frequency and tools; seeks timely, high-quality communication; listens actively.

Flexibility: Adapts to changing conditions; open to change; accepts differences.

Problem Solving: Seeks and proposes effective solutions; analyzes root causes.

Service Focus: Desires to help; responsive and available; anticipates needs.

Self-Development: Uses feedback to improve; eager to learn; pursues training opportunities.

Organization and Time Management: Plans and executes work effectively; manages multiple tasks; maintains organized work area.

Composure: Maintains professional presence under pressure.

The Risk & Compliance Analyst II role is an opportunity on our team at Munger, Tolles & Olson, LLP. We offer competitive pay, benefits, and opportunities to impact today’s world.

About Munger, Tolles & Olson

Munger, Tolles & Olson has topped The American Lawyer’s A-List a record eleven times and maintains a high ranking in the awards’ history. We hire qualified professionals across IT, Information Security, Accounting, Human Resources, Legal Support, and Marketing.

We are an equal opportunity employer and do not discriminate on the basis of race, color, religion, gender, gender identity or expression, pregnancy, childbirth and related medical conditions, marital status, parental status, national origin, age, sexual orientation, disability, or any other characteristic protected by law. It is our policy to prohibit discrimination, harassment, and retaliation.

We encourage you to apply even if the level is not an exact match to your qualifications. This may not guarantee placement but is worth exploring for future opportunities.

Munger, Tolles & Olson LLP (MTO) does not accept unsolicited resumes from third parties or agencies. If you wish to become an approved Agency, contact a member of the MTO Talent Acquisition Team.
