Location: Tampa, FL, United States
Date Posted: Nov 29, 2023
The Security Governance, Risk, Compliance (GRC) Analyst will be responsible for supporting the daily activities of the GRC function within A&M’s Global Security Office. This role will be focused on supporting client questionnaires and audit requests, performing third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk. The GRC Analyst requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm. The GRC Analyst will support cybersecurity-related initiatives as required.
Respond to client security questionnaires, RFPs/RFIs, and audit requests. Coordinate responses by working with internal stakeholders across disciplines. Maintain a database of knowledge.
Execute the firm’s Heightened Security Process which entails working with business stakeholders globally to ensure appropriate security measures are in place at the engagement level.
Perform third-party security vendor diligence. Liaise with business and external stakeholders to perform assessments and identify risk, whilst maintaining monitoring activities of existing vendors.
Respond to and maintain the GRC service queue for tickets escalated to the team in coordination with the relevant stakeholders.
Participate in and execute governance activities including metrics gathering and reporting, and the performance of recurring internal assessment activities.
Support activities pertaining to risk management; execution of the risk strategy inclusive of identification, tracking, and participation within treatment activities.
A couple of years of experience in security governance, risk, and compliance or a related area.
Strong experience responding to client/customer security inquiries.
Broad and solid understanding of cyber security concepts and risks.
Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.
Working knowledge of common audit and compliance tools. Experience with a GRC tool is a plus.
Demonstrable knowledge in the assessment of third-party suppliers.
Strong analytical thinking, written, and oral communication skills.
Ability to drive responsibilities independently, while serving as a valued team member in the greater context.
Bachelor’s degree – preferably in Information Security, Computer Science or related area.
Industry-recognized certification in security (e.g., CISSP, CISA, CISM, CRISC, ISO27001).
The salary range is $90,000 - $110,000 annually, dependent on several variables including but not limited to education, experience, skills, and geography. In addition, A&M offers a discretionary bonus program which is based on a number of factors, including individual and firm performance. Please ask your recruiter for details.
A&M’s entrepreneurial culture celebrates independent thinkers and doers who can positively impact our clients and shape our industry. The collaborative environment and engaging work—guided by A&M’s core values of Integrity, Quality, Objectivity, Fun, Personal Reward, and Inclusive Diversity—are the main reasons our people love working at A&M. Inclusive Diversity means we embrace diversity, and we foster inclusiveness, encouraging everyone to bring their whole self to work each day. It runs through how we recruit, develop employees, conduct business, support clients, and partner with vendors. It is the A&M way.
It is Alvarez & Marsal’s practice to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, creed, religion, national origin, ancestry, citizenship status, sex or gender, gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, family medical history, genetic information or other protected medical condition, political affiliation, or any other characteristic protected by and in accordance with applicable laws. Employees and Applicants can find A&M policy statements and additional information by region here.
Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters are engaged to provide candidates for a specified opening and in alignment with our Inclusive Diversity values. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.