Senior Risk and Compliance Analyst – Risk Manager

At Relativity, we have a world-class compliance team focused on maintaining an industry-leading approach to security, privacy, and enterprise risk management. We are building scalable processes and programs to ensure they are customer-centric and fit a rapidly growing company worldwide. We are passionate about security, cloud computing, and technology.

The Senior Risk and Compliance Analyst – Risk Manager is responsible for enabling a proactive, solution-oriented risk posture and culture at Relativity while also identifying, assessing, and mitigating potential risks that may affect the organization's objectives, operations, or reputation. This role will develop and enable risk management policies, procedures, and strategies to ensure compliance with relevant obligations, best practices, and in accordance with ERM’s and Relativity’s goals and mission. 

Job Responsibilities

• Implement and enable a forward-thinking and future-facing risk program that is focused on proactively identifying and solutioning on risks that may affect Relativity’s objectives, operations, reputation, or financial stability. 
• Develop and implement risk management policies, procedures, and frameworks that align with the organization's risk appetite and regulatory requirements. 
• Coordinate and facilitate risk assessments, risk reporting, risk mitigation, and risk awareness activities across the organization. 
• Provide advice and guidance to senior management and business units on risk-related issues and best practices. 
• Conduct risk analysis and evaluation for new projects, suppliers, products, services, or initiatives, and recommend risk mitigation strategies 
• Manage and oversee the risk register, risk dashboard, risk indicators, and risk incidents, and ensure timely and accurate reporting to relevant stakeholders. 
• Maintain and evolve all third-party and internal risk ratings and scorecards
• Lead or participate in internal and external audits, inspections, and reviews related to risk management. 
• Provide counsel, training and education to staff and management on risk management concepts, tools, and techniques that enable solution-oriented thinking and business processes.
• Keep abreast of emerging risks, industry trends, and regulatory changes that may impact the organization. 

Minimum Qualifications

• 3+ years of experience in enterprise risk management, third party risk management, auditing, or compliance analyst. 
• Strong utilization of an enterprise risk management framework or supplier assessments, such as COSO ERM, ISO 31000, COBIT ERM, and NIST ERM. 
• Familiarity with security and privacy standards such as ISO/IEC 27001, ISO/IEC 27018, HITRUST CSF, FedRAMP, NIST SP 800-53, HIPAA Privacy and Security Rules, SOC 2 Privacy Principles, etc.
• Excellent communication, written and analytical skills that demonstrate the ability to distill complex challenges into actionable solutions
• Demonstrated ability to identify relevant facts (and separate irrelevant facts) and apply a governing compliance and/or legal framework or policy 
• Demonstrated ability to present key risk concepts to management and leadership. 
• Experience in working with Governance, Risk, and Compliance tools, such as Archer or LogicGate. 
• Ability to work independently and collaboratively with cross-functional teams. 

Preferred Qualifications

• Acted in a continuous monitoring role for either suppliers or customers. 
• Acted in internal or external consulting capacity on technology, privacy, and control risk for new/current initiatives 
• Direct work experience with security and privacy standards such as ISO/IEC 27001, ISO/IEC 27018, HITRUST CSF, FedRAMP, NIST SP 800-53, HIPAA Privacy and Security Rules, SOC 2 Privacy Principles, etc.
• Strong experience in building programs within a GRC Tool, such as Archer or LogicGate 
• Security or Risk Management Certification, such as CISM, CRISC, CISA, CRCMP, COSO ERM Certificate, etc. 

Compensation

• Relativity is committed to competitive, fair and equitable compensation practices. 
• This position is eligible for total compensation which includes a competitive base salary, annual performance bonus target of 10%, and long-term incentives. The expected salary range for this role is between 176 000 and 264 000 PLN gross/year. The final offered salary will be based on several factors, including but not limited to the candidate’s depth of experience, skill set, qualifications, and internal pay equity. Hiring at the top end of the range would not be typical, to allow for future meaningful salary growth in this position