Job Description:

OVERVIEW:

The Risk and Compliance Program Manager is a highly visible, client facing role which works closely with the Legal and Business Unit stakeholders and reports to the Lead Security & Infrastructure Architect.  This role is responsible for providing expertise in evaluating, assessing and monitoring the firm’s risk and compliance with applicable information security standards and frameworks, industry best practices, and applicable laws and regulations.  This role will also help coordinate and maintain the firm’s Information Security Management Program and assist staff in implementing security policy objectives in ways that align with business and mission objectives.

DUTIES AND RESPONSIBILITES:

• Provides IT security, risk, and compliance advice to business units on an ongoing basis.


• Analyze and address gaps in operations to ensure integrity of processes, controls, and policies.


• Maintain and update Information Security Program policies and procedures as needed, also completing a yearly review to ensure all documentation is properly updated.


• Provide governance for participate in the information security incident response process by ensuring that the process is being followed and documented. Respond to escalated security events and drive the security incident response process.


• Participate in the evaluation, development and implementation of security standards, procedures and guidelines for multiple platforms and diverse systems environments.


• Will work with internal and external auditors to demonstrate and provide evidence for controls that are in place. May conduct additional testing to validate that items found during testing have been remediated.


• Responsible for completion of client security questionnaires and working with the business units to assist with RFI responses related to IT security.


• Responsible for vendor vetting to ensure our vendors, business partners, or suppliers are using the same or higher security practices.


• Responsible for conducting Risk Assessments and annual reviews for any new or current vendors, business partners, or suppliers.


• Lead and execute complex security assessments that require both analytical and technical skills across a broad range of Information Technology topics (e.g., Identity and Access Management, Security Architecture, Physical and Environmental, etc.).


• Evaluate, test, document, and maintain the firmwide DR and BCP policies, processes, and standards.


• Manage the Security Awareness Training program initiatives related to phishing campaigns and coordinate with HR to deliver ongoing employee training.

REQUIREMENTS:

• Bachelor’s degree or equivalent work experience


• minimum 6 years of experience in two or more major information technology functions (infrastructure, operations, datacenter, application support, etc.)


• minimum 4 years IT security, IT compliance, or IT risk management experience desired.


• Familiarity with industry frameworks and standards such as SOC2, ISO27002, HIPAA, HITRUST.


• Familiarity with GDPR and CCPA.


• In depth knowledge of application and network security, information security risk and industry best practice (how to best manage risk).


• Experience with building, executing and maintaining DR and BCP program.


• Ability to effectively prioritize and execute tasks in a high-pressure environment.


• Excellent written/verbal communication skills and time management skills.


• Strong troubleshooting, problem-solving and analytical skills.


• Position requires traveling for short periods. Trips will sometimes extend to 5 working days and could on rare occasions extend beyond 5 business days. All travel expenses will be reimbursed.

 

ABOUT BRG

Berkeley Research Group (BRG), headquartered in Emeryville, CA provides independent expert testimony, advisory services and data analytics to major law firms, Fortune 500 companies, government agencies and regulatory bodies around the world.  BRG experts provide sophisticated economic, financial, and analytical advice across a wide range of disciplines including antitrust and competition policy, complex damages, finance, healthcare, intellectual property, valuation, and workforce issues.  In addition, the firm assists clients in major industry sectors with compliance, business process improvement and strategy consulting.

Candidate must be able to submit verification of his/her legal right to work in the U.S. without company sponsorship.

BRG is an Equal Employment Opportunity/Affirmative Action Employer.  All qualified candidates will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status.

#LI-Remote

 

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

See job description

Apply Now