Security Analyst

in Information Technology
  • Hybrid, New York
  • Salary: $130,000.00 - $165,000.00
Permanent

Job Detail

  • Experience Level: Senior
  • Degree Type: Bachelor of Science (BS)
  • Employment: Full Time
  • Working Type: Hybrid
  • Job Reference: 0000010302
  • Salary Type: Annually
  • Industry: Law Firms & Legal Services
  • Selling Points:

    Lead audits that shape legal tech security standards.
    Be the voice of risk assurance in client assessments.
    Drive compliance across cutting-edge legal platforms.
    Champion ISO, SOC, and GRC excellence in tech audits.

Job Description

Position: Senior IT Risk & Compliance Auditor

Overview:

A leading legal services organization is seeking a seasoned professional to join its Information Governance team as a Senior IT Risk & Compliance Auditor. This role is pivotal in ensuring that the firm’s technology infrastructure aligns with industry standards, client expectations, and regulatory requirements related to cybersecurity and data privacy. The successful candidate will serve as a key liaison between internal teams and external stakeholders, contributing to audits, assessments, and policy development.

Key Responsibilities:

  • Conduct internal audits of enterprise systems and managed platforms.
  • Represent the firm in external audits, client security reviews, and certification processes such as ISO.
  • Lead risk evaluations of core technology systems, including cloud-based legal tools, document management platforms, and client data environments.
  • Partner with internal departments to assess technology-related risks and recommend mitigation strategies.
  • Provide subject matter expertise on IT governance, security controls, and compliance frameworks.
  • Collaborate with IT and system owners to enhance security protocols and operational processes.
  • Monitor and report on emerging risks in the legal tech landscape, advising on necessary control updates.
  • Continuously improve audit methodologies to reflect evolving technologies and risk profiles.
  • Support the development and maintenance of firm-wide information security policies in alignment with legal industry standards.
  • Identify and communicate client-facing technology risks and service issues through reports and presentations.
  • Evaluate third-party technology providers for compliance with internal and external standards.
  • Deliver regular updates to leadership on audit outcomes and risk posture.
  • Assist in the deployment and management of a Governance, Risk, and Compliance (GRC) platform.

Qualifications:

  • Deep understanding of audit methodologies, IT compliance, and risk management.
  • Demonstrated experience managing internal and external IT audit processes.
  • Familiarity with GRC tools and compliance frameworks.
  • Strong background in drafting and maintaining IT policies and procedures.
  • Knowledge of data protection laws and cybersecurity best practices.
  • Ability to manage multiple priorities with a high level of professionalism and attention to detail.
  • Strong analytical, problem-solving, and communication skills.

Education & Experience:

  • Bachelor’s or Master’s degree in a relevant field such as Information Systems, Computer Science, Business, or Engineering.
  • Minimum of 6 years in IT auditing or technology risk advisory roles, preferably within professional services or public accounting.
  • Relevant certifications such as CISA, CISSP, CISM, or CGEIT.
  • Experience in one or more of the following areas: internal audit risk assessments, ISO 27001/SOC reporting, or ERP security reviews (e.g., SAP, Oracle, Workday).

Work Environment:

  • Hybrid work model with on-site presence during standard business hours.
  • Flexibility to work outside regular hours when necessary to meet critical deadlines.
