Cleary Gottlieb seeks a Senior Governance, Risk, and Compliance Analyst. Reporting directly to the Firm's Director of Information Security, the Senior Governance, Risk, and Compliance (GRC) Analyst is instrumental in safeguarding our Firm's data and meeting clients' security requirements. Serving as the primary point of contact for day-to-day ISO 27001 program management, and a full-time member of our ISO Information Security Forum (ISF), this role will report on the performance of our Information Security Management System to the Firm’s Senior IT Leadership team and assemble key artifacts required by this program (metrics, meeting agendas, attaining ongoing compliance requirements, and assembling controls evidence). This role will lead our effort to upgrade to the ISO 27001:2022 standard, and pending strategic direction may also lead efforts to adopt the ISO 27701 Privacy Information Management System, ISO 27017 code of practice for cloud management, and other frameworks as required for adoption by our clients.
The Senior GRC Analyst will be our Firm’s primary point of contact for ongoing client security assessment requests. As this role will be required to respond to 50-70 such requests throughout a year, the candidate shall ensure professional and error-free work and look for efficiencies to best handle those which are repetitive in nature, including the curation of a standard answer/artifact bank, as well as using generative AI tools as approved for use. This role will regularly interface with the Firm’s Risk Department and IT Leadership, as well as other departments as required, to answer questions effectively. Drawing on feedback from our client auditors, this role will be pivotal in informing the Firm’s Information Security strategy in a measured manner.
The Senior GRC Analyst is a full-time member of the Firm's Information Security Department. They will collaborate with Senior Security Engineers to enhance core program elements, including incident response, assimilation of threat intelligence, vulnerability management, and continuous compliance processes.
1. Client Assessment Response Program
2. ISO 27001 Program Management
3. Governance and Compliance Framework
4. Policy Development and Documentation
The base salary for this position is $140,000 to $180,000. Actual pay is determined based on a number of job-related factors, including skills, education, training, credentials, experience, scope and complexity of role responsibilities, geographic location and performance.
At Cleary Gottlieb, all members of our community deserve respect as individuals and appreciation for the contributions they make to our community. We champion diversity, equity, and inclusion, and creating equal opportunities to develop and succeed.