Technology Risk & Compliance Analyst

Debevoise & Plimpton LLP
$95,000-$105,000
United States, New York, New York
66 Hudson Boulevard East (Show on map)
Feb 13, 2025
TECHNOLOGY RISK & COMPLIANCE ANALYST Information Services Department Debevoise & Plimpton LLP is a premier law firm with market-leading practices, a global perspective and strong New York roots. Our clients look to us to bring a distinctively high degree of quality, intensity and creativity to resolve legal challenges effectively and cost efficiently. We believe in hiring talented, dedicated and highly motivated individuals as members of our administrative community. We draw on the strength of our culture and structure to deliver the best of our firm to our lawyers and clients through true collaboration. The firm is seeking a Technology Risk & Compliance Analyst, reporting to the Technology Risk & Compliance Manager. The Technology Risk & Compliance Analyst will work with clients, external vendors and internal business units to support the firm's risk management activities. Strong written and oral communication skills are essential, as are excellent attention to detail and organizational skills. RESPONSIBILITIES include but are not limited to: Client Security Assessment Support: Respond promptly to inquiries from clients and prospective clients for security information Track and coordinate the completion of security assessment questionnaires and open issues Work with matter teams, GCO, IS and other departments to gather information and resolve issues and ensure that client compliance requirements are met Firm External Security Assessment Support (ISO27001, financial software audit, others): Schedule and participate in activities to maintain the firm's ISO27001 certification Coordinate periodic reviews of risk management policies and procedures Gather evidence to support external ISO and client audits Vendor Risk Management: Create and maintain robust inventory of key firm services providers to support the firm's efforts to ensure that risks associated with service providers are identified, evaluated and controlled Work with business units to maintain up-to-date documentation of current vendor relationships Conduct vendor risk assessments of high-risk vendors Track and coordinate the resolution of vendor remediations Work with GCO to ensure that contract reviews are performed according to best practices Firm Internal Compliance Reviews: Work with IS management, firm management and business units across the firm to develop risk management policies, procedures and training materials Conduct periodic access reviews for IS; train and support other departments in conducting access reviews and other risk mitigation measures required by policy Conduct internal reviews to ensure ongoing compliance with firm policies General: Keep up with current standards and best practices in the industry Suggest and draft improvements to firm policies, procedures and controls Other related duties and projects as assigned REQUIREMENTS: Bachelor's degree or relevant professional experience Three or more years of administrative support and/or project coordination experience in law firm or similar environment Strong written and oral communication skills Excellent attention to detail and organizational skills Demonstrated ability to take ownership of tasks Demonstrated ability to learn new software and processes Strong Excel skills PREFERRED QUALIFICATIONS: Experience with IT security auditing, security risk assessments, or IT compliance Experience writing policies, procedures and/or technical documentation Exposure to/knowledge of ISO27001 and related standards and information security best practices, operational risk management best practices Familiarity with VRM or GRC tools Familiarity with generative AI tools TO APPLY: A resume and cover letter are required to apply for this position. Please tell us where you saw this position posted. Send required materials to: Human Resources jferrigno@debevoise.com 212.909.8310