Sr. Risk & Compliance Analyst

Job Summary:

The Senior Risk & Compliance Analyst works with the Information Security Analyst, Manager, and the Chief Information Security Officer (CISO) managing and coordinating the governance, risk and compliance framework for the organization. This role will coordinate risk identification, prioritization, treatment, monitoring, and risk reporting. The Senior Analyst will work with cross-functional teams to design and implement security initiatives and will serve as a resource person on specific information security technologies as well as technologies related compliance requirements.

Job Duties:

Compliance Management:

• Facilitates the management of information security controls, requirements, and compliance frameworks, including ISO 27001, SOC 2 and HITRUST
• Documents and assess the implementation of security controls and requirements
• Coordinates third party audits, recommends treatment plans, and oversees remediation of findings
• Establishes metrics and key performance indicators related to governance, risk, and compliance
• Reports metrics and other key performance indicators to management

Risk and Governance:

• Conducts risk assessments against established frameworks (i.e., ISO 27001)
• Manages risk assessments, risk register and risk mitigation plans
• Facilitates risk meetings with business and process owners to communicate findings and coordinate risk treatments
• Establishes policies, standards, and procedures related to risk governance, risk, and compliance
• Identifies opportunities for improvement and maintain a continuous improvement plan

Other duties as required

Supervisory Responsibilities:

• N/A

Qualifications, Knowledge, Skills and Abilities:

Education:

• High School Diploma or GED, required
• Bachelor’s degree in Computer Science, or Information Technology, preferred

Experience:

• Five (5) or more years of experience in governance, risk and compliance (GRC) & certification management (i.e., ISO 27001), required
• Prior experience and understanding of audit frameworks and facilitating compliance audits (i.e., SOC, HIPAA), required
• Experience performing risk reporting and creating reports to inform stakeholders and risk owners, required
• Experience performing third-party vendor risk assessments, preferred

License(s)/Certification(s):

• Prior experience with Governance, Risk Management and Compliance Management (GRC) tools such as Archer, ServiceNow, or equivalent solutions, required
• CISSP, CRISC, CISM, and/or CISA, preferred
• Prior experience with third party vendor risk assessment tools, preferred

Language(s):

• N/A

Other Knowledge, Skills & Abilities:

• Ability to communicate well, participate in cross-functional and individual contributor efforts independently and with minimal oversight
• Strong analytical and problem-solving skills
• Strong verbal and written communication skills (documenting concepts, designs, presenting to groups, etc.)
• Excellent interpersonal and customer relationship skills
• Capacity to work in a deadline-driven environment while handling multiple complex projects/tasks simultaneously with a focus on details
• Capable of successfully multi-tasking while working independently or within a group environment
• Strong understanding of risk management and compliance frameworks
• Ability to rely on extensive experience and judgement to plan and accomplish goals
• Ability to quickly troubleshoot complex problems and take appropriate corrective action
• Capable of working well under pressure while dealing with unexpected problems in a professional manner
• Capacity to communicate and interact with all levels of employees and management
• Ability to interact and build consensus among people
• Strength in both business and technical requirements analysis
• Ability to work after standard business hours (on-call) and travel as needed

Individual salaries that are offered to a candidate are determined after consideration of numerous factors including but not limited to the candidate’s qualifications, experience, skills, and geography.   National Range: $105,000 - $110,000 Maryland Range: $105,000 - $110,000 NYC/Long Island/Westchester Range: $105,000 - $110,000

Join us at BDO, where you will find more than a career, you’ll find a place where your work is impactful, and you are valued for your individuality. We offer flexibility and opportunities for advancement. Our culture is centered around making meaningful connections, approaching interactions with curiosity, and being true to yourself, all while making a positive difference in the world. 

At BDO, our purpose of helping people thrive every day is at the heart of everything we do. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients, and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first, by sharing financially in our growth in value with our U.S. team.  BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.

BDO is the first large accounting and advisory organization to implement an Employee Stock Ownership Plan (ESOP). A qualified retirement plan, the ESOP offers participants a stake in the firm’s success through beneficial ownership and a unique opportunity to enhance their financial well-being. The ESOP stands as a compelling addition to our comprehensive compensation and Total Rewards benefits* offerings. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions. 

We are committed to delivering exceptional experiences to middle market leaders by sharing insight-driven perspectives, helping companies take business as usual to better than usual. With industry knowledge and experience, a breadth and depth of resources, and unwavering commitment to quality, we pride ourselves on:

• Welcoming diverse perspectives and understanding the experience of our professionals and clients
• Empowering team members to explore their full potential
• Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
• Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
• Focus on resilience and sustainability to positively impact our people, clients, and communities
• BDO Total Rewards that encompass so much more than traditional “benefits.”  Click here to find out more!

*Benefits may be subject to eligibility requirements.

Equal Opportunity Employer, including disability/vets

Click here to find out more!