Risk and Compliance Analyst

Davis Polk & Wardwell LLPNew York, NY
$100,000 - $125,000

About The Position

The Risk and Compliance Analyst will play a key role in supporting and executing the Firm’s governance, risk and compliance (GRC) program. Reporting to the Compliance Manager, this role will independently manage components of the Firm’s risk and compliance processes, including vendor risk management, client assessments, audit support, and policy governance. This position offers strong exposure to ISO 27001, client-facing security assessments, and enterprise risk management within a professional services environment.

Requirements

  • Familiarity with ISO 27001 framework, as well as NIST, SOC 2, or similar.
  • Experience responding to client security questionnaires and conducting vendor risk assessments.
  • Strong analytical, organizational, and time management skills with attention to detail.
  • Proven ability to manage multiple priorities and projects simultaneously in a fast-paced environment while consistently meeting deadlines.
  • Excellent verbal, written, and presentation skills, with the ability to communicate effectively with clients, leadership, and cross-functional teams.
  • Strong interpersonal skills with ability to build relationships and interact with individuals at all organizational levels.
  • Ability to work independently, exercise sound judgement, and take initiative while collaborating effectively across teams.
  • Bachelor’s degree required, preferably Business Systems, Information Systems.
  • 3-5 years of experience in IT risk, compliance, audit, or information security.

Nice To Haves

  • Previous experience in legal services preferred.

Responsibilities

  • Support and help maintain the Firm’s Information Security Management System (ISMS), including contributing to ISO 27001 compliance and annual recertification efforts.
  • Manage day-to-day execution of the Firm’s client security assessment process, including gathering documentation, tracking questionnaires, and coordinating responses with internal teams.
  • Support third-party vendor risk assessments, including reviewing questionnaires, SOC reports, and supporting security documentation.
  • Assist in conducting internal IT risk assessments by gathering information from business and IT stakeholders to identify risks, document findings, and support development of risk treatment plans.
  • Support disaster recovery (DR) testing activities, including coordination, documentation, and tracking of results and action items.
  • Execute user access recertification processes for standard and privileged accounts, including tracking completion and escalating issues as needed.
  • Track and follow up on remediation efforts related to findings from client assessments, internal audits, penetration tests, and other security reviews.
  • Support the ongoing use of tools supporting vendor risk management and compliance processes.
  • Perform other duties as assigned.

Benefits

  • competitive salary and comprehensive benefits package
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service