IT Risk & Compliance Third Party Engineer

Washington, D.C., United States

Wilson Sonsini Goodrich & Rosati


Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. We represent companies at every stage of development, from entrepreneurial start-ups to multibillion-dollar global corporations, as well as the venture firms, private equity firms, and investment banks that finance and advise them. The firm has approximately 1,100 attorneys in 17 offices: 13 in the U.S., two in China, and two in Europe. Our broad spectrum of practices and entrepreneurial spirit allow our staff exceptional opportunities for professional achievement and career growth.

The firm is actively seeking an IT Risk & Compliance Third Party Engineer to join our IT Security & Risk Management team for our Washington, D.C. office. This role, under the guidance of the Director of Information Security Governance, Risk & Compliance, is responsible for Wilson Sonsini Goodrich & Rosati’s (WSGR’s) day-to-day governance, risk, and compliance processes. The position also focuses on third-party compliance and risk assessment. This individual will work closely with other IT engineering teams to help enhance the risk posture of WSGR.

This role is available as a flexible hybrid work schedule.

Responsibilities:

  • Conduct regular audits and assessments of third-party vendors to evaluate compliance with the organization’s policies and regulatory requirements
  • As part of the Third-Party Risk Management (TPRM) team, focus on engineering continuous improvement efforts in the third-party risk assessment process
  • Work with TPRM teams to schedule and execute a variety of activities related to third-party risk assessment
  • As a Third-Party Risk Engineer, support the implementation of the Third-Party Management Policy, risk remediation, and risk scoring
  • Review, measure, monitor, and report on the state of key risk metrics and compliance gaps across WSGR
  • Evaluate, quantify, and communicate risk across WSGR's internal technical and procedural controls
  • Improve risk monitoring and observability through log analysis, dashboard creation, and automated alerts and response
  • Track and monitor IT remediation and risk treatment plans
  • Assist in implementing and enforcing audit, governance, and risk frameworks across WSGR
  • Perform deep-dive analysis of cybersecurity issues using data from various threat management and provide recommendations and remediation

Qualifications:

  • Bachelor's Degree required in Computer Science, Information Technology, or related field of study
  • ServiceNow certifications required, 3+ years of ServiceNow experience
  • 4+ years of relevant experience in risk and compliance or security
  • Knowledge of Governance Risk & Compliance (GRC) tools is highly desired
  • Knowledge of the NIST Cybersecurity Framework (CSF) and NIST 800-53
  • Strong analytical, problem-solving, multitasking, and time management skills, and the ability to follow through on issues to resolution
  • Excellent technical writing and verbal communication skills
  • Ability to work independently and to carry out assignments to completion within parameters of instructions given, prescribed routines, and standard accepted practices

The primary location for this job posting is Washington, D.C. The actual base pay offered will depend upon a variety of factors, including but not limited to the selected candidate’s qualifications, years of relevant experience, level of education, professional certifications and licenses, and work location. The anticipated pay range for this position is as follows: $105,400 - $142,600 per year.

The compensation for this position may include a discretionary year-end merit bonus based on performance. We offer a highly competitive salary and benefits package.

Benefits information can be found here. Equal Opportunity Employer (EOE).


Tags: Audits C Compliance Computer Science Finance Governance Log analysis Monitoring NIST NIST 800-53 Risk assessment Risk management

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Salary bonus

Region: North America
Country: United States
