Senior GRC Analyst

11 hours, 58 minutes ago
Full-time
Senior
Cybersecurity
Morgan & Morgan

Morgan & Morgan

Morgan & Morgan is America's largest personal injury law firm, providing legal representation for individuals and families injured by negligence. With over $15 billion recovered for clients, they are dedicated to fighting for the people.

Specialized Consumer Services
1K-5K
Founded 1988

Description

  • Build and own the end-to-end third-party risk management process, including vendor tiering, assessment criteria, and escalation thresholds.
  • Lead risk assessments for high-exposure vendor relationships such as case management, e-discovery, and payment processing.
  • Develop risk acceptance and remediation recommendations and present analysis to the Director of Business Continuity.
  • Run the full policy lifecycle, including drafting, review cadence, approval workflows, and firm-wide attestation tracking.
  • Write policy content and close policy gaps against ISO 27001, NIST CSF, and CIS v8.1.
  • Own the enterprise risk register, including methodology, scoring calibration, and quarterly review cadence.
  • Lead control testing and gap assessments in Vanta and design remediation plans.
  • Help design the security awareness program, including the content calendar, phishing simulations, targeted training, and Program Champions.
  • Serve as a point of contact for cyber insurance audits, major client security due diligence, and regulatory inquiries.
  • Build and maintain GRC reporting for leadership and coordinate with BC/DR, Crisis Management, and Privacy teams on related risks.

Requirements

  • 4–6+ years of experience in GRC, IT audit, compliance, or information security.
  • Deep hands-on experience with a GRC platform; Vanta is strongly preferred.
  • Strong working knowledge of ISO 27001, NIST CSF, and CIS v8.1, with experience mapping controls across multiple frameworks.
  • ISC2 CC/CCSP or ISACA CRISC/CISA required; another ISC2 or ISACA certification such as CISSP or CISM is also acceptable.
  • Direct experience leading external audits or client security due diligence as the primary point of contact, including findings negotiation.
  • Experience designing a security awareness program.
  • Ability to operate independently.
  • Bachelor’s degree in Information Security, Risk Management, Computer Science, or a related field, or equivalent experience.

Benefits

  • Medical and dental insurance for full-time employees.
  • 401(k) plan.
  • Paid time off.
  • Paid holidays.

