Information Security Governance, Risk and Compliance Analyst

At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing the space for authenticity, growth, and equity for everyone.

AlixPartners has embraced a hybrid work model to provide flexibility and support our employees' work-life integration. Our hybrid model combines a mix of in-person at an AlixPartners office on Tuesday, Wednesday, & Thursday, and remote working options for Monday and Friday.

What you'll do

As a member of the Information Security team, the IS GRC Analyst will be responsible for understanding the firm's access governance and compliance requirements. The IS GRC Analyst assists in the access review processes. This person will consult and interface with system administrators, onboarding and offboarding teams, help desktop support staff, IT staff, and non-IT departments to understand requirements to develop actionable plans. The IS GRC Analyst will help execute the approved roadmap, facilitate workshops with IT and non-IT departments that manage access controls and support refining the program's effectiveness.

The Information Security (IS) Governance, Risk, and Compliance (GRC) Analyst is a full-time position in Southfield, MI or New York, NY reporting to the Information Security Governance, Risk, and Compliance Lead. Paid relocation is not available.

• Assist in the execution of the approved roadmap
• Facilitate regular communication with access approvers regarding their roles and responsibilities and assist in identifying all owners for all in-scope business applications
• Run regular review of access certification process for in-scope business applications
• Obtain and maintain access attestation evidence is available to support ISO 27001, SOC 2 and SOX audits
• Gather and track the remediation of identity and access risks, issues, and exceptions
• Keep up to date on emerging technologies and identity access governance models, such as zero trust, Identity and Access Management as a Service (IDaaS), User and Entity Behavior Analytics (UEBA), security industry trends, new threats & attack techniques, and mitigation techniques
• Write new or update existing procedures as required
• Collaborate and gather input from various stakeholders within the organization to ensure comprehensive documentation

Security Team

• Stay current on security industry trends, new threats and attack techniques, mitigation techniques, and emerging security technologies
• Keep abreast of the latest information security and privacy laws and regulations; ensure compliance both with internal security policies and applicable laws and regulations
• Measure and report metrics to IS GRC Lead, Director and CISO
• Improve security efficiency, streamline, and automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
• Participate, as needed, in critical incidents and implementation reviews
• Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities

What you'll need

• Bachelor's degree in Information Technology or related field recommended; relevant experience may be considered in lieu of education
• Minimum two (2) years of professional work experience
• Experience within Information Security, Risk, Compliance, Audit, or Information Technology is desired, but not required
• Awareness with a variety of IT security and related concepts or technologies (e.g., SSO, ADFS, MFA (Multi Factor Authentication), privilege access management, RBAC/ABAC, PKI, etc.)
• Knowledge of IAM tools (e.g., Saviynt, Access Auditor, Active Directory)
• Familiar with project management & organizational skills
• Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISA etc.)
• Effective written and verbal communication skills to support security programs. Must be able to provide formal reports and presentations as required
• Must possess high attention to detail and the ability to prioritize work
• Proven problem-solving skills with the ability to resolve issues under tight time frames
• Proficient with Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.)
• Excellent written and verbal communication skills in English.
• Willingness to work outside of normal U.S. business hours, and as unique projects/needs arise.
• Ability to work full time in an office and remote environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the workday.
• Must become familiar with, and promote and abide by, our Core Values as defined by the AlixPartners' and foster an inclusive environment with people at all levels of an organization.

The firm offers a comprehensive benefits program including health, vision, dental, disability, 401K, tuition reimbursement, identity theft protection, and mental wellness support. Employees will also receive a generous paid leave policy including vacation/personal time starting at 5.67 hours per pay period, sick time up to 80 hours annually, parental leave, and twelve holidays.

The hourly range for this role takes into account a number of factors and is between $32/hr. - $37/hr. with potential eligibility for an annual discretionary bonus.

AlixPartners is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a protected veteran, or disability. AlixPartners is a proud Silver award-winning Veteran Friendly Employer.

#LI-KL1

#LI-Hybrid