IS GRC Sr. Analyst Risk & Compliance

At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing the space for authenticity, growth, and equity for everyone.

AlixPartners has embraced a hybrid work model to provide flexibility and support our employees' work-life integration. Our hybrid model combines a mix of in-person at an AlixPartners office on Tuesday, Wednesday, & Thursday and remote working options for Monday and Friday.

Location: Southfield, MI

What you'll do

As a member of the Information Security team, the IS GRC Senior Analyst will be responsible for understanding the firm's security risk and compliance requirements. The IS GRC Senior Analyst will help identify new and emerging threats for inclusion in risk register, analyze risk, and process risk assessments via the risk assessment platform. The IS GRC Senior Analyst will participate in completing client questionnaires and audits. This person will set up, run, and monitor control tests to ensure compliance with the firm's contractual and regulatory requirements. This person will consult and interface with IT leadership, IT staff, and non-IT departments to conduct risk analysis.

The Information Security Governance, Risk, & Compliance Senior Analyst is a full-time position located in Southfield, MI reporting to the Information Security Governance, Risk, & Compliance Manager. Paid relocation is not available.

• Participate in the completion of client questionnaires and client audits

• Prepare audit request materials and upload documentation for internal or external auditors

• Set up, run, and monitor control tests to assess compliance to contractual and regulatory requirements

• Conduct periodic reviews of systems to ensure adherence to current procedures and policies

• Run and monitor the execution of monthly phishing campaigns

• Interview subject matter experts and gather information for conducting quantitative and qualitative risk assessments

• Conduct risk assessments to identify vulnerabilities and threats

• Evaluate the impact of security risks on business processes and systems

• Collaborate with cross-functional teams to develop risk mitigation strategies

• Review action plans developed by risk owners to ensure plans are completed appropriately

• Conduct vendor assessments

• Monitor, review and process approval for security exceptions

• Update process documentation as appropriate

Security Team

• Stay current on security industry trends, new threats and attack techniques, mitigation techniques, and emerging security technologies

• Keep abreast of the latest information security and privacy laws and regulations; ensure compliance both with internal security policies and applicable laws and regulations

• Measure and report metrics to IS GRC Manager, Director and CISO

• Improve security efficiency, streamline, and automate work processes while working collaboratively with other team members and IT staff to accomplish objectives

• Identify gaps and recommend corrective actions

• Participate, as needed, in critical incidents and implementation reviews

• Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities

What you'll need

• Bachelor's degree in Information Technology or related field; relevant experience may be considered in lieu of education

• Minimum three (3) years of professional work experience within Information Security, Risk, Compliance, Audit, or Information Technology required

• Familiarity with cybersecurity standards such as ISO 27001 and SOC 2

• Experience with ServiceNow GRC, preferred

• Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISA, CRISC, FAIR etc.)

• Excellent written and verbal communication skills in English to support security programs. Must be able to provide formal reports and presentations

• Attention to detail and the ability to prioritize work while successfully managing multiple projects and deadlines

• Proficient with Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.)

• Willingness to work outside of normal U.S. business hours, and as unique projects/needs arise.

• Ability to work full time in an office and remote environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the workday.

• Must become familiar with, and promote and abide by, our Core Values as defined by the AlixPartners' Code of Conduct and foster an inclusive environment with people at all levels of an organization.

The firm offers a comprehensive benefits program including health, vision, dental, disability, 401K, tuition reimbursement, identity theft protection, and mental wellness support. Employees will also receive a generous paid leave policy including vacation/personal time starting at 7.34 hours per pay period, sick time up to 80 hours annually, parental leave, and twelve holidays.

AlixPartners is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a protected veteran, or disability. AlixPartners is a proud Silver award-winning Veteran Friendly Employer.

#LI-KL1

#LI-Hybrid