Governance Risk and Compliance Analyst

About The Position

Requirements

• Bachelor’s degree in Management Information Systems (MIS), Computer Science, or a related discipline OR equivalent work experience.
• At least 3 years of experience in information security, with a specific focus on information and data governance.
• Strong knowledge of risk and controls, including working knowledge of standards and frameworks such as COSO, COBIT, ISO, NIST, and ITIL.
• Ability to thrive in an environment of change and manage multiple tasks and responsibilities simultaneously.
• Practical experience with information security risk assessments and information security audits.

Nice To Haves

• Information Governance Professional (IGP) and/or Certified Information Professional (CIP) certifications.
• Experience working in the Legal industry.
• Industry-recognized certification relevant to information security, such as CISSP, CRISC, SEC+, CISM or applicable certifications/accreditation.
• You have strong understanding of information security regulatory requirements and best practices.

Responsibilities

• Participate in activities associated with Polsinelli’s information and data governance programs.
• Perform reviews of Outside Counsel Guidelines to ensure that the Firm meets or exceeds client security requirements and completes the appropriate forms documenting the review.
• Complete client security questionnaires in a timely manner.
• Support the execution of a multi-year roadmap to enhance Polsinelli’s data governance capabilities.
• Conduct analysis and advise on information governance topics related to legal and regulatory compliance.
• Monitor compliance with data governance policies and standards and assess potential risks associated with data handling.
• Collaborate and drive security initiatives, working with people across multiple teams.
• Enable the business and other stakeholders to make risk-aware decisions by advising business units and technology leaders of the information security risks and proposing acceptable risk treatment options and alternatives.
• Support the information security and data governance program efforts through the collection of performance indicators, metrics, and other evidence and communicating relevant, succinct, and actionable recommendations to leadership.
• Proactively maintain a current and working understanding of information and data governance best practices, the practical application of data security governance concepts, relevant information security and technology regulations and industry trends.
• Maintain a current and working understanding of relevant information governance and regulations and industry trends, and assist in the development of Polsinelli Data Governance, Information Security and Privacy Policies and the practical application of the Policies.
• Manage multiple simultaneous workstreams supporting disparate stakeholders, providing appropriate and timely communication of issues, concerns, risks, and status.
• Employees approved for flexible work arrangements are expected to be available and maintain a practice of reliable, consistent attendance always during the employees scheduled work shift including, but not limited to, Zoom, email and voicemail, and by phone. Installation of Zoom on a cell phone is a requirement for the Information Security team.

Benefits

• Paid time off
• sick time off
• a referral program
• medical insurance and benefits
• dental insurance
• vision insurance
• life insurance
• AD&D insurance
• ID Theft insurance
• long-term disability benefits
• short-term disability benefits
• Parking/Transit reimbursement (varies depending on location)
• 401(k) benefits
• employee assistance benefits