DDQ Analyst

Gurugram

GLG

GLG is the World’s Insight Network. Make your decisions clear and turn information into actionable insight using the right minds from our expert network.


About the role:

Manage client Due Diligence Questionnaires (DDQs) and security inquiries, ensuring timely, accurate, and compliant responses. This role requires both technical security knowledge and compliance expertise to address cybersecurity controls, regulatory requirements, and risk management best practices. The ideal candidate will engage internal stakeholders, maintain response documentation, and continuously improve due diligence processes.

Key Responsibilities:

  • Due Diligence Management: Act as the primary point of contact for client security inquiries and DDQs, coordinating responses with Compliance, Legal, IT, and Business Units.
  • Security & Compliance Alignment: Ensure responses align with security best practices (ISO 27001, NIST CSF, SOC 2, GDPR, etc.) and company policies, providing necessary evidence of controls, risk assessments, and mitigations.
  • Technical & Risk Assessment Support: Interpret and communicate technical security concepts (e.g., encryption, network security, access controls) while ensuring compliance with regulatory frameworks.
  • Process Optimization & Documentation: Maintain accurate records of due diligence responses, enhance standardized templates, and identify trends to improve efficiency and security posture.
  • Stakeholder Collaboration & Training: Work cross-functionally to resolve escalations, support audits, and provide guidance on security governance and compliance requirements.

Qualifications:

  • Education: Bachelor's degree in a technology-related field.
  • Experience: 3+ years in information security, risk management, or compliance, with hands-on experience in due diligence, security frameworks, and vendor/security risk assessments.
  • Certifications (Preferred): CISSP, CISA, or equivalent.
  • Skills:
    • Strong understanding of cybersecurity principles and regulatory compliance requirements.
    • Ability to translate technical security concepts into clear responses for non-technical stakeholders.
    • Experience with GRC tools and security audits.
    • Excellent organizational and communication skills.

About GLG / Gerson Lehrman Group

GLG is the world’s insight network. Our clients rely on GLG’s global team to connect with powerful insight across fields from our network of approximately 1 million experts (and the hundreds of new experts we recruit every day).

We serve thousands of the world’s best businesses, from Fortune 500 corporations to leading technology companies to professional services firms and financial institutions. We connect our clients to the world’s largest and most varied source of first-hand expertise, including executives, scientists, academics, former public-sector leaders, and the foremost subject matter specialists.

GLG’s industry-leading compliance framework allows clients to learn in a structured, auditable, and transparent way, consistent with their own internal compliance obligations and the highest professional ethical standards. Our compliance standards are a major competitive differentiator and key component of the company’s culture.

To learn more, visit www.GLGinsights.com.

Gerson Lehrman Group, Inc. (“GLG”) is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, race, religion, color, marital status, disability, gender, national origin, sexual orientation, veteran status, or any classification protected by federal, state, or local law.

Category: Analyst Jobs

Tags: Audits CISA CISSP Compliance Encryption GDPR Governance ISO 27001 Network security NIST Risk assessment Risk management SOC SOC 2

Region: Asia/Pacific
Country: India
