We are looking for a Security Risk and Compliance Analyst to join the Information Security Team at Alvarez & Marsal. If you are someone that has a passion Information Security as well as, process improvement, automation, and efficiency, then this is the job for you. This role is focused on developing and improving our internal risk & compliance processes at A&M primarily in the fields of information security and data privacy. Responsibilities Work closely with business stakeholders globally to apply heightened security procedures designed to safeguard information based upon risk. Assess and improve such procedures in coordination with cross-disciplinary stakeholders including IT, Finance, Legal, Engineering, Internal Audit, and A&M business units. Manage audit requirements and deliverables related to various contractual and/or regulatory standards (i.e. ISO 27001, HIPAA, etc.) including customer data privacy assessments (GDPR). Support potential clients and customers by answering inquiries (RFP/RFI) regarding A&Mu2019s data security and privacy practices. Coordinate responses to customer questionnaires by working with internal stakeholders. Assist with the review of Master Service Agreements and Statements of Work for appropriate security and privacy language. Work on third-party risk assessments and compliance requirements for A&Mu2019s vendor risk program and manage the review cycle. Assist with coordinating security and privacy awareness training throughout A&M. Understand/analyze IT security threats, understand risk, articulate operational impact and work as part of a team dedicated to achieving and maintaining compliance to all applicable regulations. Recommend, develop and implement compensating controls to remediate or mitigate known risk and vulnerabilities to an acceptable level. Work with stakeholders to coordinate remediation projects as required and report on progress to management. Assist with development and implementation of policies and procedures that align with ISO 27001 standards and with data processing standards applicable to A&Mu2019s processing of personal data under GDPR. As a member of the A&Mu2019s Global Security Office, your position may include other responsibilities in the information security program such as assisting with vulnerability scan remediation and updating risk assessments. Requirements BA or BS or a higher degree in a technical or related field or an equivalent combination of training and progressively responsible experience in lieu of a degree 2 years working with the one or more of following compliance & frameworks: ISO 27001, SANS Top 20, Privacy Shield, PCI, HIPAA 2 years of meaningful work experience across engineering and IT organizations, including security incident response, threat analytics, security operations, and security risk management Working knowledge of common audit and compliance tools. Experience with a Governance/Risk/Compliance (GRC) platform is a plus. Demonstrated ability to operate effectively at a dynamic company and embrace change Technical aptitude and extreme attention to detail Excellent spoken and written communication skills Preferred Skills and Experience CISA, CRISC, CISSP, CIPP, or similar certification Familiarity with cloud technologies (such as Azure, AWS) Voluntary Inclusion It is Alvarez & Marsalu2019s policy to provide and promote equal opportunity in employment, compensation, and other terms and conditions of employment without discrimination because of race, color, sex, sexual orientation, family medical history or genetic information, political affiliation, military service, pregnancy, marital status, family status, religion, national origin, age or disability or any other non-merit based factor in accordance with all applicable laws and regulations. Unsolicited Resumes from Third-Party Recruiters Please note that as per A&M policy, we do not accept unsolicited resumes from third-party recruiters unless such recruiters were engaged to provide candidates for a specified opening. Any employment agency, person or entity that submits an unsolicited resume does so with the understanding that A&M will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.