DBI Staffing

Senior Technology Risk Auditor

DBI Staffing, New York, New York, US, 10261

Client is looking for an experienced Senior Technology Risk Auditor to join the Electronic Information Governance Department. The Auditor will be responsible for ensuring compliance of in-house technology with best practices in the legal industry, client requirements, and regulations related to IS security and privacy. In addition to internal audits, this position will also handle responses to client and certification-related inquiries, questionnaires, and audits. The Technology Risk Auditor will report to the Electronic Information Governance Director and work closely with clients, lawyers, and business professionals throughout the firm.

Principal Duties and Responsibilities:

- Act as an internal auditor for client-managed platforms and systems.
- Represent the client in assessments, questionnaires, and ISO audits.
- Oversee comprehensive risk assessments of the firm's technology systems, including client data management platforms, document management systems, cloud-based legal applications, and communication tools to ensure application of industry best practices & evaluate control efficacy.
- Collaborate with firm departments to understand technology needs and risks, making recommendations to minimize risk.
- Lend subject matter expertise on IT controls, policies, and processes as they relate to client applications and infrastructure systems.
- Coordinate with IS teams and system owners to implement security and process improvements, as well as risk mitigation strategies applicable to technology platforms.
- Keep the firm updated on emerging technology risks in the legal sector and recommend updates to internal controls.
- Refine internal audit processes to reflect changing technology, risks, and best practices.
- Develop and maintain the firm's information security policies and procedures, ensuring alignment with legal industry-specific compliance requirements and standards.
- Identify client service issues based on industry trends and communicate findings to the engagement team through written and verbal reports.
- Perform risk assessments of critical technology providers against controls, client requirements, and industry standards.
- Report to leadership on technology risk status and audit findings, and make recommendations accordingly.

Qualifications:

- Expertise in audit principles and compliance best practices.
- Experience responding to internal and external IT audits.
- Broad knowledge of compliance tools, processes, and GRC field.
- Experience in writing policies and procedures.
- Knowledge of laws and practices related to data privacy and information assurance.
- Ability to handle multiple projects with professionalism, client service orientation, and attention to detail.
- Strong analytical and problem-solving skills.
- Ability to independently apply skills to issues and initiatives.

Education and Experience:

- Bachelor's or master's degree in business, accounting, finance, computer science, information systems, engineering, or related discipline.
- At least 6 years of experience as an IT auditor or risk adviser in a professional services firm or industry.
- Relevant certifications such as CISA, CISSP, CISM, CGEIT.
- Experience with internal audit risk assessment, ISO 27001/SOC reporting, or ERP security reviews.

Work Requirements:

- On-site during normal hours (hybrid environment).
- Availability outside normal hours for high-priority work.