Information Security GRC – Risk & Compliance Senior Analyst (Contract)

AlixPartners•Detroit, MI

1d•Hybrid

About The Position

At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing space for authenticity, growth, and equity for everyone. As a member of the Information Security team, the IS GRC Senior Analyst - Risk & Compliance will be responsible for understanding the firm’s security risk and compliance requirements. You will manage and maintain the risk register, analyze risk, and process risk assessments via the risk assessment platform. The IS GRC – Risk & Compliance will help set up and monitor control testing to support audit activities. This role will consult and interface with IT leadership, IT staff, and non-IT departments to conduct risk analysis and monitor controls. The Information Security Governance, Risk & Compliance Senior Analyst (Risk & Compliance) is a full-time, contract position located in Southfield, MI reporting to the Information Security Governance, Risk, & Compliance Manager. Paid relocation and benefits are not available for this position.

Requirements

Bachelor’s degree in Information Technology or related field preferred; relevant work experience may be considered in lieu of education
Minimum 3 years of professional work experience
Experience within Information Security, Risk, Compliance, Audit, or Information Technology is required
Experience with ISO 27001, SOC 2, PCI, HIPAA, or other global standards or regulations is highly preferred
Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA) desired, but not required
Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISSP, CISA, CRISC, etc.)
Attention to detail with the ability to manage and prioritize responsibilities effectively, adapt to changing circumstances to meet key deadlines under time constraints so work is completed in an accurate, timely manner
Excellent written and oral communication skills in English
Highly effective inter-personal and collaboration skills to support security programs and interface with people at all levels
Excellent problem-solving ability and ability to resolve issues under tight time frames
Experience using MS Office Suite (Word, Excel, PowerPoint, SharePoint etc.)
Experience using ServiceNow preferred
Highly organized with excellent organizational skills with experience operating in time-sensitive, ambiguous environments, balancing competing priorities with sound judgment and discretion.
Core working hours are generally 8:30 AM – 5:30 PM, Monday - Friday; willingness to work outside of normal U.S. business hours, and as unique projects/needs arise
Ability to work full time in an office and remote environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the workday
Must become familiar with, and promote and abide by, our Core Values as defined by the AlixPartners’ Code of Conduct and foster an inclusive environment with people at all levels of an organization

Nice To Haves

Certified Information Systems Security Professional (CISSP) and/or Certified Information Systems Auditor (CISA) desired, but not required
Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISSP, CISA, CRISC, etc.)
Experience using ServiceNow preferred

Responsibilities

Support the CISO in the completion of the annual risk assessment required to support client and compliance audits, as well as periodic risk assessments as determined
Manage the review and analysis of risk register ensuring accuracy, completeness, and timely updates
Conduct risk assessments including evaluation of risk and control effectiveness
Track remediation actions to closure with assigned control owners, maintain due dates, escalate overdue items, and report status to leadership
Interview subject matter experts and gather information for conducting risk assessments
Collaborate with cross-functional teams to develop risk mitigation strategies
Conduct security assessments of third-party suppliers, including review of security questionnaires, supporting documentation, and independent audit reports
Identify third-party supplier gaps, risk ratings, and required mitigations
Design, execute, and monitor control tests to assess compliance with contractual, regulatory, and internal requirements
Partner with control owners across IT and business functions; ensure roles and responsibilities are clearly communicated and understood
Prepare audit request materials and upload documentation for internal or external auditors
Measure and report metrics to IS GRC Risk & Compliance Manager, IS GRC Director and CISO
Improve security efficiency, streamline, and automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities.