IT Risk & Compliance Third Party Engineer

Post Date

Jul 14, 2025

Location

Washington, District Of Columbia

ZIP/Postal Code

20006
US
Sep 12, 2025 Insight Global

Job Type

Perm

Category

Security Engineering

Req #

NYC-794866

Pay Rate

$120k - $125k (estimate)

Job Description

A large law firm is actively seeking an IT Risk & Compliance Third Party Engineer to join our IT Security & Risk Management team for our Washington, D.C. office. This role, under the guidance of the Director of Information Security Governance, Risk & Compliance, is responsible for day-to-day governance, risk and compliance processes. This position also focuses on third-party compliance and risk assessment. This individual will work closely with other IT engineering teams to help enhance the risk posture of the firm. Responsibilities include the below:

-Conduct regular audits and assessments of third-party vendors to evaluate compliance with the organization's policies and regulatory requirements
-As part of the Third-Party Risk Management (TPRM) team, ability to focus on engineering continuous improvement efforts in the Third-Party risk assessment process
-Work with TPRM teams to schedule and execute a variety of activities related to third party risk assessment
-As a Third-Party Risk Engineer, ability to support the implementation of the Third-Party Management Policy, risk remediation and risk scoring
-Review, measure, monitor and report on the state of key risk metrics and compliance gaps across the WSGR
-Evaluate, quantify, and communicate risk across the internal technical and procedural controls
-Improve risk monitoring and observability through log analysis, dashboard creation, and automated alerts and response
-Track and monitor IT remediation and risk treatment plans
-Assist in implementing and enforcing audit, governance, and risk frameworks across the organization
-Perform deep-dive analysis of cybersecurity issues using data from various threat management and provide recommendations and remediation

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form. The EEOC "Know Your Rights" Poster is available here.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Required Skills & Experience

-Bachelor's Degree required in Computer Science, Information Technology, or related field of study desired
-ServiceNow certifications required
-3+ years of ServiceNow experience
-4+ years of relevant experience in risk and compliance or security
-Knowledge of Governance Risk & Compliance (GRC) tools is highly desired
-Knowledge of the NIST Cybersecurity Framework (CSF) and NIST 800-53
-Strong analytical, problem-solving, multitasking and time management skills and ability to follow through on issues to resolution
-Excellent technical writing and verbal communication skills
-Ability to work independently and to carry out assignments to completion within parameters of instructions given, prescribed routines, and standard accepted practices

Nice to Have Skills & Experience

-Law firm or professional service background

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.