Job description

General Purpose:
The Compliance and Risk Security Analyst will report to the Chief Information Security Officer (CISO) and has responsibility for evaluating and managing the security and privacy risk posed by third parties. This position requires a high-level knowledge of all information technology verticals, the ability to quickly ascertain whether security and privacy controls are implemented, and the ability to positively influence others to implement the controls.

Essential Duties/Responsibilities:

• Conduct third party risk assessments and audits through application of established criteria.
• Identify methods to document and track third-party risk and get third party commitment to implement risk controls.
• Conduct privacy impact assessments of third parties using established processes.
• Ensure that proper documentation for new and existing third-party relationships is properly completed, maintained, and retained.
• Perform reconciliation between vendor payment records and the third-party risk database.
• Perform Incident Response on reported incidents to the security team.
• Evaluate suspicious threats and activities in email and systems.
• Assists in the evaluation of suspected malware and provides recommendations of remediation.
• Assist with developing and maintaining information and privacy security policies, procedures, standards, and guidelines.
• Tracks and correlates H&H’s security and privacy commitments to other parties (clients).
• Participate in client audits and assessments to ensure the firm’s security and privacy program meets client expectations.
• Routinely interfaces with the CISO, DPO, IT Security team, IT Operations, IT Applications, H&H Legal, and third parties to determine the applicable obligations, initial and on-going risks, recommends mitigations, and tracks risks to closure.
• Maintain an active working knowledge of emerging third-party security trends including the latest attack methods, vulnerabilities, and remediation techniques.
• Maintain an understanding of privacy concepts and legal obligations, including GDPR, HIPAA, and new or evolving privacy obligations.
• Maintain a database or GRC system of H&H security and privacy client commitments.
• Other duties as may be assigned.

Job Qualifications (Education, Experience and Certification):

• Bachelor’s in information technology, information systems, computer science or computer engineering preferred, or other bachelor’s degree with relevant information technology experience and minimum 4 years IT experience with an emphasis in security preferred.
• A minimum of at least 2 years of work as a security specialist.
• Minimum of one security technical certification such as CISA, CISSP, SSCP, GSEC or Security+, preferred.
• Understands IT security and privacy frameworks and how to assess framework compliance.
• Understands IT security frameworks, compensating controls and how to quantify vendor risk.
• Understands and can analyze contractual agreements, privacy policies, and other third-party documentation.
• Aptitude and a mindset for compliance, privacy and security.
• General understanding of how computers work and how they may be exploited.
• General understanding of privacy and security industry standards and how they are applied.
• Capable of performing one or more phases of low-complexity projects.
• Excellent Microsoft Office skills including Visio.
• Strong adherence to integrity & confidentiality.
• Must be collaborative, creative, and driven with a proven ability to be a team player.
• Able to think strategically, develop solutions quickly and implement efficiently.
• Excellent verbal, written, and overall communication skills.
• Strong analytical, evaluative, and problem-solving skills with a keen attention to detail.
• Self-starter with the ability to multi-task and work in a very fast paced environment.

Competencies:

• Problem Solving and Decision Making – Identifies problems, finds solutions, acts decisively, and show good judgment.
• Results Orientation – Maintains appropriate focus on outcomes and accomplishments.
• Communication – Recognizes the essential value of continuous information exchange. Able to easily understand and interpret written material.
• Change Agility – Adaptable, embraces the needed change and modifies behavior to achieve firm objectives.
• Team Player – Team oriented; maintains composure and is adaptable to the changing needs of the team.
• Functional/Technical Expertise – Understands, applies, and stays current on technology.

Physical Requirements:
While performing the duties of this position, the employee must have the ability to sit, stand and/or walk for extended periods of time; manipulate (lift, carry, move) weights of at least twenty-five (25) pounds; have repetitive wrist/hand/finger movement to work on a computer and/or related office equipment; speak clearly and concisely so listeners can understand; and regularly understand the speech of another person.

The physical demands described here are representative of those that must be met by this position to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Work Environment:
Professional office atmosphere. Sedentary work that primarily involves sitting or standing for prolonged periods. Position may require occasional off-hour meetings and events.
_

Note: This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position.

Colorado salary range - $59,478 - $99,130 per year. A discretionary bonus may be available based upon performance.

Holland & Hart works hard to promote work/life balance with a 37.5-hour scheduled work week for most staff employees, a robust wellness program, and generous PTO and holiday pay for eligible employees. Full-time employees become eligible for benefits on the date hire, with a benefits offering that includes medical, dental, vision, life, AD&D, EAP, STD, and LTD. Also available are voluntary income protection benefits such as supplemental life, accident, critical illness, and long-term care insurances, as well as a 401(k)-retirement plan with a company match. In addition, the firm has programs that may provide for educational assistance, free or discounted legal services, and opportunities through the Holland & Hart Foundation, which is a non-profit organization dedicated to creating volunteer opportunities for lawyers, staff, families, and friends of Holland & Hart LLP. Part-time employees may have access to some of these benefits, which may be on a pro-rated basis.

Job Type: Full-time

Pay: $59,478.00 - $99,130.00 per year

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Parental leave
• Retirement plan
• Tuition reimbursement
• Vision insurance

Schedule:

• 8 hour shift
• Monday to Friday

Ability to commute/relocate:

• Denver, CO 80202: Reliably commute or planning to relocate before starting work (Required)

Work Location: Hybrid remote in Denver, CO 80202

jjbodyshop.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, jjbodyshop.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, jjbodyshop.com is the ideal place to find your next job.