IT Risk and Compliance Analyst, Madrid
At Dentons, we are committed to excellence in supporting legal professionals with cutting-edge solutions. Our dynamic and diverse team collaborates seamlessly to provide a wide range of services, including finance, IT, human resources, marketing, and more. We pride ourselves on fostering a culture of continuous improvement and adaptability.
As an IT risk analyst, you will be responsible for ensuring the security of the company's information systems and data and the organization’s adherence to relevant information security policies, standards, and regulations. You will perform risk assessments, respond to customer inquiries, and monitor third-party suppliers. You will also collaborate with the Data Privacy Team, IT, and business teams spread geographically across Europe to treat and mitigate risks by implementing and auditing security procedures and controls.
Responsibilities:
- Conduct risk assessments of the company's IT systems, processes, and data, analyze the efficiency of existing security controls, and identify vulnerabilities and gaps in risk treatments.
- Respond to customer information security questionnaires and provide evidence of the company's security posture and compliance.
- Review client and suppliers' agreements pertaining to information security and ensure compliance with policies and regulations.
- Perform third-party supplier risk assessments and ensure that they meet the company's security standards and contractual obligations.
- Develop and update security policies, procedures, and guidelines to ensure alignment with the company's objectives, clients, and regulatory requirements.
- Provide security awareness and training to the company's staff and stakeholders.
- Monitor and report on the company's security performance and compliance status and recommend corrective actions and improvements.
- Maintain documentation of compliance activities, including policies, procedures, risk assessments, and audit reports.
- Assist internal and external assessments and audits to ensure compliance with client requirements and industry-specific regulations such as GDPR, SOX, etc.
- Provide guidance and support to business practices on information security-related matters, including data classification and access control.
- Research and stay updated on the latest laws and regulations, security trends, threats, and best practices.
Requirements:
- At least two years of experience in IT risk management, audit, or compliance-focused role in information security.
- Knowledge of security frameworks, standards, and regulations, such as ISO 27001, NIST, GDPR, SOX, etc.
- Knowledge of one or more risk management frameworks; knowledge of quantified risk management frameworks is preferred.
- Understanding of information security principles and practices, proficiency in information security tools and techniques with the ability to identify and mitigate security risks.
- Strong analytical, problem-solving, and decision-making skills.
- Excellent communication and interpersonal skills, with the ability to convey complex information security and risk concepts to non-technical audiences.
- Ability to work independently and collaboratively in a challenging fast-paced and dynamic environment.
- Certifications such as CISSP, CISA, CRISC are a plus, but not required.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
mejor más rápidamente
