Debevoise & Plimpton LLP
TECHNOLOGY RISK & COMPLIANCE ANALYST
If you want to know about the requirements for this role, read on for all the relevant information. Information Services Department Debevoise & Plimpton LLP is a premier law firm with market-leading practices, a global perspective and strong New York roots. Our clients look to us to bring a distinctively high degree of quality, intensity and creativity to resolve legal challenges effectively and cost efficiently. We believe in hiring talented, dedicated and highly motivated individuals as members of our administrative community. We draw on the strength of our culture and structure to deliver the best of our firm to our lawyers and clients through true collaboration.
The firm is seeking a
Technology Risk & Compliance Analyst , reporting to the Technology Risk & Compliance Manager. The Technology Risk & Compliance Analyst will work with clients, external vendors and internal business units to support the firm's risk management activities. Strong written and oral communication skills are essential, as are excellent attention to detail and organizational skills.
RESPONSIBILITIES include but are not limited to: Client Security Assessment Support:
Respond promptly to inquiries from clients and prospective clients for security information
Track and coordinate the completion of security assessment questionnaires and open issues
Work with matter teams, GCO, IS and other departments to gather information and resolve issues and ensure that client compliance requirements are met
Firm External Security Assessment Support (ISO27001, financial software audit, others):
Schedule and participate in activities to maintain the firm's ISO27001 certification
Coordinate periodic reviews of risk management policies and procedures
Gather evidence to support external ISO and client audits
Vendor Risk Management:
Create and maintain robust inventory of key firm services providers to support the firm's efforts to ensure that risks associated with service providers are identified, evaluated and controlled
Work with business units to maintain up-to-date documentation of current vendor relationships
Conduct vendor risk assessments of high-risk vendors
Track and coordinate the resolution of vendor remediations
Work with GCO to ensure that contract reviews are performed according to best practices
Firm Internal Compliance Reviews:
Work with IS management, firm management and business units across the firm to develop risk management policies, procedures and training materials
Conduct periodic access reviews for IS; train and support other departments in conducting access reviews and other risk mitigation measures required by policy
Conduct internal reviews to ensure ongoing compliance with firm policies
General:
Keep up with current standards and best practices in the industry
Suggest and draft improvements to firm policies, procedures and controls
Other related duties and projects as assigned
REQUIREMENTS:
Bachelor's degree or relevant professional experience
Three or more years of administrative support and/or project coordination experience in law firm or similar environment
Strong written and oral communication skills
Excellent attention to detail and organizational skills
Demonstrated ability to take ownership of tasks
Demonstrated ability to learn new software and processes
Strong Excel skills
PREFERRED QUALIFICATIONS:
Experience with IT security auditing, security risk assessments, or IT compliance
Experience writing policies, procedures and/or technical documentation
Exposure to/knowledge of ISO27001 and related standards and information security best practices, operational risk management best practices
Familiarity with VRM or GRC tools
Familiarity with generative AI tools
TO APPLY:
A resume and cover letter are required to apply for this position. Please tell us where you saw this position posted. Send required materials to:
Human Resources
jferrigno@debevoise.com
212.909.8310
#J-18808-Ljbffr
If you want to know about the requirements for this role, read on for all the relevant information. Information Services Department Debevoise & Plimpton LLP is a premier law firm with market-leading practices, a global perspective and strong New York roots. Our clients look to us to bring a distinctively high degree of quality, intensity and creativity to resolve legal challenges effectively and cost efficiently. We believe in hiring talented, dedicated and highly motivated individuals as members of our administrative community. We draw on the strength of our culture and structure to deliver the best of our firm to our lawyers and clients through true collaboration.
The firm is seeking a
Technology Risk & Compliance Analyst , reporting to the Technology Risk & Compliance Manager. The Technology Risk & Compliance Analyst will work with clients, external vendors and internal business units to support the firm's risk management activities. Strong written and oral communication skills are essential, as are excellent attention to detail and organizational skills.
RESPONSIBILITIES include but are not limited to: Client Security Assessment Support:
Respond promptly to inquiries from clients and prospective clients for security information
Track and coordinate the completion of security assessment questionnaires and open issues
Work with matter teams, GCO, IS and other departments to gather information and resolve issues and ensure that client compliance requirements are met
Firm External Security Assessment Support (ISO27001, financial software audit, others):
Schedule and participate in activities to maintain the firm's ISO27001 certification
Coordinate periodic reviews of risk management policies and procedures
Gather evidence to support external ISO and client audits
Vendor Risk Management:
Create and maintain robust inventory of key firm services providers to support the firm's efforts to ensure that risks associated with service providers are identified, evaluated and controlled
Work with business units to maintain up-to-date documentation of current vendor relationships
Conduct vendor risk assessments of high-risk vendors
Track and coordinate the resolution of vendor remediations
Work with GCO to ensure that contract reviews are performed according to best practices
Firm Internal Compliance Reviews:
Work with IS management, firm management and business units across the firm to develop risk management policies, procedures and training materials
Conduct periodic access reviews for IS; train and support other departments in conducting access reviews and other risk mitigation measures required by policy
Conduct internal reviews to ensure ongoing compliance with firm policies
General:
Keep up with current standards and best practices in the industry
Suggest and draft improvements to firm policies, procedures and controls
Other related duties and projects as assigned
REQUIREMENTS:
Bachelor's degree or relevant professional experience
Three or more years of administrative support and/or project coordination experience in law firm or similar environment
Strong written and oral communication skills
Excellent attention to detail and organizational skills
Demonstrated ability to take ownership of tasks
Demonstrated ability to learn new software and processes
Strong Excel skills
PREFERRED QUALIFICATIONS:
Experience with IT security auditing, security risk assessments, or IT compliance
Experience writing policies, procedures and/or technical documentation
Exposure to/knowledge of ISO27001 and related standards and information security best practices, operational risk management best practices
Familiarity with VRM or GRC tools
Familiarity with generative AI tools
TO APPLY:
A resume and cover letter are required to apply for this position. Please tell us where you saw this position posted. Send required materials to:
Human Resources
jferrigno@debevoise.com
212.909.8310
#J-18808-Ljbffr