- Under the direction of the Director, Global Risk & Compliance and in support of our risk and compliance team leads, this role is engaged in the evaluation and improvement of ongoing security and control effectiveness through
- Responsible for initiating recurring testing activities, coordination and tracking of test evidence and conducting compliance reviews of test results, especially for our FedRAMP authorization activities
- Actively supports the identification and assessment of the risk/impact of changes to control processes across our ISRP program
- Participates in the deployment and validation of new information security control standards across Relativity departments and/or with vendors and business partners where appropriate
- Responsible for the coordination of revisions and/or retention of ISRP program-related documentation
- Identifies opportunities for simplification of program documentation to support shared understanding across multiple standards
- Assists with the development of policies, procedures and workflows to provide clear process understanding and meet compliance documentation standards
- Collaboratively challenges the status quo of current processes and suggests improvements, automation or alternatives.
- Assists with research and interpretation of regulatory framework, compliance standards and compliance and best practice procedures.
- Looks for ways to balance risk management and creativity in responding to business / technical opportunities.
- Two years of experience auditing and/or monitoring the effectiveness of information security, privacy and technology risks, processes and controls
- Able to demonstrate a working knowledge of key principles of information technology general controls, including change management, access to programs and data, segregation of duties, asset management, computer operations, encryption practices and secure software development.
- Training and/or direct work experience with one or more core IT auditing standards (such as: ISO 27001, SOC 2 Trust Services Criteria, Sarbanes-Oxley Act) is preferred
- Knowledge of one or more industry guidelines (such as: FedRAMP, NIST SP 800-53, COBIT) is desirable
- Knowledge of privacy concepts (such as: GDPR, HIPAA, ISO 27018) is desirable
- Experience in a cloud-based (SaaS) software development environment and/or knowledge of ISO 27017 concepts is ideal for this role