GRC Security Analyst IV

Philadelphia


The governance, risk and compliance (GRC) security lead is a critical member of the security team and will help drive all Information Security governance, risk, and compliance activities. The position will support the security direction of the business and elevate the Firm’s security posture. The GRC security lead is also responsible for the planning and maintenance of policies, as well as a comprehensive controls framework with global third-party risk management.
The ideal candidate is technical and possesses at least five years of experience in security, compliance or risk management. The role oversees the business’ security requirements and obligations mandated by standards, regulations, and clients. In tandem with security leadership, the GRC security lead consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the GRC security lead monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC security lead must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.

Job Description

ESSENTIAL JOB FUNCTIONS:

  • Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
  • Maintain oversight in a GRC-related platform.
  • Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
  • Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
  • Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
  • Develop and drive a comprehensive security awareness program.
  • Analyze findings, and document, recommend and report program gaps to security leadership.
  • Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.
  • Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
  • Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
  • Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting. 
  • Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
  • Attend and fully engage in change and project management meetings.
  • Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
  • Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws.
  • Perform other duties as assigned.

QUALIFICATIONS

Skills and Abilities:

  • At least 6+ years’ experience in cybersecurity as a practitioner, with at least 2 to 3+ years’ exposure to various security frameworks.
  • Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
  • Experience and understanding of various regulatory requirements and laws, including but not limited to HIPAA, GDPR and GLBA. Additional experience in one or more of the following: ISO 27001/2, ITIL or NIST.
  • Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
  • Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security is required.
  • Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
  • Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

A successful candidate for this role has the following attributes and experience:

  • Prior experience with leading GRC systems from vendors such as OneTrust.
  • Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
  • Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
  • Successful track record of managing external entities’ contracts and relationships, and mitigating risks to business development opportunities.
  • Familiarity with state, federal and international privacy laws.
  • Highly trustworthy; leads by example.
  • Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.

Additional Job Description

PHYSICAL EFFORT / WORK CONDITIONS

  • This position operates in a professional office environment which is generally free of hazards and exposure to adverse environmental conditions.
  • This position requires regular attendance on-site at a Dechert location.
  • This position routinely operates standard office equipment such as computers, phones, photocopy machines, fax machines and filing cabinets, and requires frequent communication with the firm’s employees and partners as well as third parties.
  • This position is mainly sedentary. Primary functions require sufficient physical ability and mobility to work in an office setting; to read, sit and type for sustained periods of time; to walk, stand, reach and bend; to open and close filing cabinets and access and retrieve materials in file rooms; to lift, carry and move files or other items of light to moderate weight; to operate equipment requiring repetitive hand movement and fine coordination; and to verbally communicate to exchange information.
  • This position requires a normal audio range, with or without correction. It also requires the normal visual range, with or without correction. Specific vision abilities required include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.

Location(s)

Philadelphia

Time Type

Full time

Dechert LLP is committed to ensuring equal employment opportunity and non-discrimination. The Firm prohibits unlawful discrimination in any term or condition of employment against any employee or applicant for employment because of the individual’s race, color, creed, religion, sex, age, marital status, national origin, ancestry, citizenship, sexual orientation, gender identity or expression, genetic information, disability, membership or service in the armed forces, or any other characteristic protected by law.


Perks/benefits: Career development

Region: North America
Country: United States
