Sr. Risk Analyst

Datasite is where deals are made. We provide the data rooms and SaaS technology used in M&A and other high-value transactions, to deliver projects in more than 170 countries. Carrying that success into the future is all about you. Your useful skills, your unusual experience, your unique ideas. Everyone here brings something unexpected. What's yours? Invest your talents in us, and we'll return the compliment.

Job Description:

The responsibilities for the Sr. Risk Analyst - will be to act as the subject matter expert on implementation, improvement, and daily management of the Sr. Risk Management Program. The individual will also assist and support development and maintenance of Security Client Engagement, Security Vendor Management and Security Audits to ensure that policies, standards, procedures, and audit activities are in alignment with business regulatory requirements. Success in the role will be measured by the effectiveness of the security risk management program and the cultural and behavioral integration of the security vendor, security client engagement and security vendor program by employees, suppliers, vendors and contractors.

Essential Duties and Responsibilities:

• Oversee Datasite management and staff regarding risks and controls pertaining to security-related concepts and compliance and audit requirements.
  • Act as point person and subject matter expert on Information Security Risk Management principles, practices, rules, and procedures.
  • Collaborate with internal teams to gather relevant documentation and information needed for tracking risks.
  • Develop and maintain a centralized repository for risk-related, responses and documentation, ensuring easy retrieval and access for tracking and measuring in accordance with the organizations definitions.
  • Improve and maintain key performance indicators (KPIs) to measure the efficiency and effectiveness of the risk management response process,
  • Communicate proactively internally and with clients, addressing inquiries and providing updates on risk statuses.
  • Provide guidance to IT group members and organization personnel on related policies, procedures, regulatory rules, and compliance.
• Develop working relationships with business unit staff and management at different organizational levels and locations, data owners, vendors, and clients; use business relationships to maintain awareness of corporate projects that may impact security compliance and facilitate continual awareness of security compliance to business partners.
• Support and assist internal and external security compliance monitoring activities, including vendor audits, client audits, due diligence reviews, internal audits:
  • Evaluate and respond to security related questionnaires.
  • Work with auditors to facilitate on and offsite fieldwork.
  • Plan & facilitate documentation gathering.
  • Report audit findings to appropriate parties.
  • Document and respond to any audit findings and recommendations.
• Support and assist Datasite service provider risk assessment processes and audits:
  • Work with business lines to plan and facilitate vendor risk assessments.
  • Evaluate risk assessment responses.
  • Support on-site service provider audits (as necessary)
  • Document and report on findings (in accordance with escalation procedures)
• Proactively produce relevant reports for the Security team and business management
• Miscellaneous duties as assigned.

Additional Requirements:

• Knowledge of security compliance requirements; experience interpreting requirements and communicating their impact to the company
• Excellent communication skills to clearly and concisely communicate security compliance requirements to all levels of Datasite (from staff to SVP); to communicate unusual or problem situations to Security, Legal, and the Business
• Ability to organize work activities and respond to priority changes; ability to lead multiple projects concurrently.
• Works under limited supervision; may supervise/mentor less experienced compliance analysts on a project-by-project or informal basis.

Education:

• Bachelor's degree or equivalent experience
• Professional certification(s) an asset (CISA, CISSP, etc.) a plus

Minimum Experience:

• 3-5+ years working with requirements relating to risk, privacy, data security and governance frameworks including ISO27001,
• 27017,27018, 27701 and SOC 2 Type II, GDPR in a complex organizational environment.
• Experience with implementing and managing risk management frameworks.
• Experience interacting with external auditors and an understanding of internal audit standards, IT general controls, and process control design and testing methods in a complex organizational environment.
• Experience with communicating information security responses directly and indirectly with clients and customers.
• Experience building and maintaining relationships and keeping informed regarding relevant changes throughout the organization.

Physical Demands:

• Requires motor skills to operate a keyboard and telephone.
• Regularly required to sit.
• Requires ability to communicate over the phone and in person.
• Requires close vision.

As a global organization, Datasite knows that diverse perspectives are essential to our success. We're committed to maintaining a diverse workforce to serve our customers around the world. Datasite is an equal opportunity employer (EEO) and furthers the principles of EEO through Affirmative Action.