Munger, Tolles & Olson LLP
Risk and Compliance Analyst II
Munger, Tolles & Olson LLP, Los Angeles, California, United States, 90079
**Job Description**Risk & Compliance Analyst II**Position Type:****Full Time****Non-exempt****Offsite** (work in-office based on business needs.) Must be within commutable distance to the office**Location:
Los Angeles OR San Francisco OR Washington D.C.****Residency Requirements:**Washington D.C.: For all positions based in the Washington, D.C. office, residency within Washington D.C., Maryland or Virginia and within a reasonable commutable distance to the assigned office is required depending on the firm's discretion and the nature of the role.Los Angeles and San Francisco Offices: For all positions based in the Los Angeles and San Francisco offices, residency within the state of California and within a reasonable commutable distance to the assigned office is required depending on the firm's discretion and the nature of the role.**Salary Range for Los Angeles and Washington D.C.:
$44.67/hour - $57.70/hour ($92,913.60 - $120,016.00 annually) \*****Salary Range for San Francisco:
$49.04/hour - $63.47/hour ($102,003.20 - $132,017.60 annually) \****\***The salary range is the one that Munger, Tolles & Olson LLP reasonably expects to pay for this position.
The salary range does not guarantee, obligate, nor set expectations of an applicant’s wage in the event of hire.
The posted range is only one component of Munger, Tolles & Olson LLP’s Total Rewards package.**-------------*The **Risk & Compliance Analyst II** brings subject matter expertise to the Firm’s risk and compliance management programs, partnering with legal support, operations, and technology teams to ensure compliance with Firm policies and client outside counsel guidelines.
This includes implementing tools and processes related to internal controls, information governance, risk management, and both client and regulatory compliance.
The **Risk & Compliance Analyst II** also assists with key governance functions, including outside counsel guideline and audit letter reviews.
This position is part of the Information Security and Governance (ISG) department and has significant interactions with partners, clients, and other departments within the Firm.**Job Functions & Responsibilities*** Maintain a balanced risk management and compliance control framework, working with key stakeholders in alignment with Firm and client standards* Review Firm policies, procedures, and standards, partnering with Human Resources and other stakeholders to ensure compliance with client outside counsel guidelines* Facilitate and document client security assessments and other client requests, including internal and client communications, meetings, deadlines, research, responses, and remediation requests* Analyze client security assessment results and recommend improvements to business processes, administrative, and technical controls* Collect vendor information from vendor owners, research tools, and public resources, ensuring the vendor database is up-to-date* Maintain vendor management tools used to track the vendor management lifecycle, security risk assessments, business risk assessments, and contract reviews* Conduct security and business risk assessments of third party vendors, tracking remediation requests in accordance with the vendor risk program and policies* Review contracts for low risk third party vendors in accordance with the vendor management program, partnering with vendor owners and contract review attorneys* Review and develop scenarios for the Firm’s risk register* Partner with appropriate business units to ensure appropriate operational, technical, and data privacy controls are implemented and enforced* Document internal controls and map to Firm and client compliance standards (e.g., ISO 27001, SOC 2, NIST, Center for Internet Security Top 18)* Analyze compliance gaps and recommend improvements to business processes, administrative, and technical controls* Respond to Data Subject Request (DSR) inquiries related to GDPR, CCPA, or other privacy laws* Document, investigate, and report compliance issues and incidents, where necessary* Collect, analyze, and prepare reports required for senior management, auditors, and other relevant stakeholders* Assist with the outside counsel guideline review process (e.g., drafting responses, tracking deadlines, liaise with risk partners for review and approval)* Assist with the audit letter review process (e.g., drafting letters, tracking deadlines, liaise with the Audit Committee for review and approval)* Other duties as assigned**Tools*** Proficiency with Microsoft Office Word, Excel, and PowerPoint is desired* Proficiency with Governance, Risk, and Compliance (GRC) tools (i.e., RSA Archer, LogicManager, KnowBe4 Compliance Manager) is desired* Proficiency with vendor risk tools (e.g., Third Party Trust, Argos Risk, BitSight, RiskRecon) is desired* Familiarity with Microsoft 365 (e.g., Microsoft SharePoint, Teams, and OneDrive) and document management systems is desired* Familiarity with project management and agile collaboration tools is desired**Minimum Job Qualifications*** Bachelor's degree preferred, or comparable experience of 5+ years of combined experience in information security, GRC, BCP/DR, or risk management with at least 3 years of experience developing and implementing governance, risk, or compliance programs.* High school diploma or GED required.* Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), or other relevant training and certifications are highly recommended.* Excellent attention to detail, critical thinking, and analytical skills.* Ability to work proactively and efficiently in a fast-paced environment, interacting professionally with others.* Dedicated to excellent customer service.* Ability to communicate effectively, verbally and in writing.* Ability to follow directions and collaborate effectively with a team* Understanding of project management principals and methodologies.**Physical Demands**Writing, typing, reading, speaking, hearing, seeing, sitting, bending, reaching, lifting up to 25 lbs.**Working Conditions**Quiet office environment in a high-rise building, seated the majority of the time.**Direct Reports**None**Competencies*** **Teamwork and Cooperation:** Treats others with respect; works well with others; asks for help when necessary; willing to share credit; avoids pointing fingers or assigning blame; volunteers to help others when available to do so; empathetic to others.* **Communication:** Communicates clearly and appropriately with adequate frequency and tools; understands the need for regular, timely, and high quality communication; listens actively and asks appropriate questions; understands the message.* **Flexibility:** Adapts to changing conditions; willing to do something new/different; open to change; accepting of differences.* **Problem Solving:** Seeks solutions to problems; proposes creative and effective solutions to problems; examines underlying cause of problems when seeking a solution.* **Service Focus:** Desires to help or serve those requesting service to meet their needs, responsive, and available when needed; proactively anticipates needs and expectations, and acts accordingly to support the success of the firm.* **Self-Development:** Uses constructive feedback to improve; learns from mistakes; shows eagerness and capacity to learn; attends available training; shows interest in improving self; proactively looks for opportunities to gain experience in a range of responsibilities.* **Organization and Time Management:** Orderly in approach to work; able to plan and execute work effectively and accurately; tracks and follows through on requests; maintains a well-organized and clean work area; prioritizes and understands urgency; able to be punctual and prepared; manages multiple tasks simultaneously.* #J-18808-Ljbffr
Los Angeles OR San Francisco OR Washington D.C.****Residency Requirements:**Washington D.C.: For all positions based in the Washington, D.C. office, residency within Washington D.C., Maryland or Virginia and within a reasonable commutable distance to the assigned office is required depending on the firm's discretion and the nature of the role.Los Angeles and San Francisco Offices: For all positions based in the Los Angeles and San Francisco offices, residency within the state of California and within a reasonable commutable distance to the assigned office is required depending on the firm's discretion and the nature of the role.**Salary Range for Los Angeles and Washington D.C.:
$44.67/hour - $57.70/hour ($92,913.60 - $120,016.00 annually) \*****Salary Range for San Francisco:
$49.04/hour - $63.47/hour ($102,003.20 - $132,017.60 annually) \****\***The salary range is the one that Munger, Tolles & Olson LLP reasonably expects to pay for this position.
The salary range does not guarantee, obligate, nor set expectations of an applicant’s wage in the event of hire.
The posted range is only one component of Munger, Tolles & Olson LLP’s Total Rewards package.**-------------*The **Risk & Compliance Analyst II** brings subject matter expertise to the Firm’s risk and compliance management programs, partnering with legal support, operations, and technology teams to ensure compliance with Firm policies and client outside counsel guidelines.
This includes implementing tools and processes related to internal controls, information governance, risk management, and both client and regulatory compliance.
The **Risk & Compliance Analyst II** also assists with key governance functions, including outside counsel guideline and audit letter reviews.
This position is part of the Information Security and Governance (ISG) department and has significant interactions with partners, clients, and other departments within the Firm.**Job Functions & Responsibilities*** Maintain a balanced risk management and compliance control framework, working with key stakeholders in alignment with Firm and client standards* Review Firm policies, procedures, and standards, partnering with Human Resources and other stakeholders to ensure compliance with client outside counsel guidelines* Facilitate and document client security assessments and other client requests, including internal and client communications, meetings, deadlines, research, responses, and remediation requests* Analyze client security assessment results and recommend improvements to business processes, administrative, and technical controls* Collect vendor information from vendor owners, research tools, and public resources, ensuring the vendor database is up-to-date* Maintain vendor management tools used to track the vendor management lifecycle, security risk assessments, business risk assessments, and contract reviews* Conduct security and business risk assessments of third party vendors, tracking remediation requests in accordance with the vendor risk program and policies* Review contracts for low risk third party vendors in accordance with the vendor management program, partnering with vendor owners and contract review attorneys* Review and develop scenarios for the Firm’s risk register* Partner with appropriate business units to ensure appropriate operational, technical, and data privacy controls are implemented and enforced* Document internal controls and map to Firm and client compliance standards (e.g., ISO 27001, SOC 2, NIST, Center for Internet Security Top 18)* Analyze compliance gaps and recommend improvements to business processes, administrative, and technical controls* Respond to Data Subject Request (DSR) inquiries related to GDPR, CCPA, or other privacy laws* Document, investigate, and report compliance issues and incidents, where necessary* Collect, analyze, and prepare reports required for senior management, auditors, and other relevant stakeholders* Assist with the outside counsel guideline review process (e.g., drafting responses, tracking deadlines, liaise with risk partners for review and approval)* Assist with the audit letter review process (e.g., drafting letters, tracking deadlines, liaise with the Audit Committee for review and approval)* Other duties as assigned**Tools*** Proficiency with Microsoft Office Word, Excel, and PowerPoint is desired* Proficiency with Governance, Risk, and Compliance (GRC) tools (i.e., RSA Archer, LogicManager, KnowBe4 Compliance Manager) is desired* Proficiency with vendor risk tools (e.g., Third Party Trust, Argos Risk, BitSight, RiskRecon) is desired* Familiarity with Microsoft 365 (e.g., Microsoft SharePoint, Teams, and OneDrive) and document management systems is desired* Familiarity with project management and agile collaboration tools is desired**Minimum Job Qualifications*** Bachelor's degree preferred, or comparable experience of 5+ years of combined experience in information security, GRC, BCP/DR, or risk management with at least 3 years of experience developing and implementing governance, risk, or compliance programs.* High school diploma or GED required.* Certified Information Security Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), or other relevant training and certifications are highly recommended.* Excellent attention to detail, critical thinking, and analytical skills.* Ability to work proactively and efficiently in a fast-paced environment, interacting professionally with others.* Dedicated to excellent customer service.* Ability to communicate effectively, verbally and in writing.* Ability to follow directions and collaborate effectively with a team* Understanding of project management principals and methodologies.**Physical Demands**Writing, typing, reading, speaking, hearing, seeing, sitting, bending, reaching, lifting up to 25 lbs.**Working Conditions**Quiet office environment in a high-rise building, seated the majority of the time.**Direct Reports**None**Competencies*** **Teamwork and Cooperation:** Treats others with respect; works well with others; asks for help when necessary; willing to share credit; avoids pointing fingers or assigning blame; volunteers to help others when available to do so; empathetic to others.* **Communication:** Communicates clearly and appropriately with adequate frequency and tools; understands the need for regular, timely, and high quality communication; listens actively and asks appropriate questions; understands the message.* **Flexibility:** Adapts to changing conditions; willing to do something new/different; open to change; accepting of differences.* **Problem Solving:** Seeks solutions to problems; proposes creative and effective solutions to problems; examines underlying cause of problems when seeking a solution.* **Service Focus:** Desires to help or serve those requesting service to meet their needs, responsive, and available when needed; proactively anticipates needs and expectations, and acts accordingly to support the success of the firm.* **Self-Development:** Uses constructive feedback to improve; learns from mistakes; shows eagerness and capacity to learn; attends available training; shows interest in improving self; proactively looks for opportunities to gain experience in a range of responsibilities.* **Organization and Time Management:** Orderly in approach to work; able to plan and execute work effectively and accurately; tracks and follows through on requests; maintains a well-organized and clean work area; prioritizes and understands urgency; able to be punctual and prepared; manages multiple tasks simultaneously.* #J-18808-Ljbffr