Risk & Compliance Analyst jobs in United States

Bennett Thrasher · 2 days ago

Risk & Compliance Analyst

Bennett Thrasher is a premier provider of professional tax, assurance, and consulting services to businesses and high net worth individuals. They are seeking a highly skilled and motivated Risk & Compliance Analyst to ensure the organization's data policies, procedures, and standards follow regulatory requirements and industry best practices.

Consulting · Information Technology
Growth Opportunities

Responsibilities

Develop, implement, and maintain data governance frameworks, policies, and standards to ensure data quality and integrity
Identify, assess, and manage data-related risks to protect the organization’s data assets
Ensure compliance with data protection regulations such as GDPR, CCPA, and other relevant legislation
Conduct regular audits and monitoring activities to identify control gaps and ensure compliance with data governance policies and standards
Provide training and raise awareness on data governance, risk management, and compliance within the organization
Work closely with data owners, IT, legal, and other departments to ensure alignment and support for data governance initiatives
Directly oversee annual SOC1/SOC2 reviews and manage compliance with GLBA and GDPR
Coordinate with internal and external auditors during compliance reviews
Complete security questionnaires for prospective and existing clients
Assist in developing and updating privacy and compliance policies, procedures, and training materials
Deliver training and awareness sessions to internal teams
Perform internal information risk classification and maintain inventories of sensitive data
Review application requests for data privacy and security risks
Implement processes to automate and continuously monitor information security controls, exceptions, risks, and testing
Develop and implement controls and processes through frameworks like NIST, COSO, COBIT, etc.
Develop reporting metrics, dashboards, and evidence artifacts
Conduct and manage end-to-end vendor security risk assessments
Review third-party security documentation (e.g., SOC 2 reports, ISO 27001 certifications)
Assess new software for security and privacy risks and recommend appropriate contract terms

Qualification

Data Governance · Risk Management · Compliance Regulations · Cybersecurity Frameworks · Data Protection Regulations · Analytical Skills · Microsoft Purview · Professional Certifications · Problem-Solving Skills · Communication Skills

Required

Bachelor's degree in Information Technology, Business Administration, or related field
Minimum of 3-5 years of experience in data governance, risk management, and compliance roles
Experience with cybersecurity frameworks such as NIST CSF, ISO 27001, or Secure Controls Framework (SCF)
Strong knowledge of data protection regulations (e.g., GDPR, CCPA)
Excellent analytical, problem-solving, and communication skills
Ability to work independently and collaboratively with cross-functional teams

Preferred

Experience with Microsoft Purview or similar data governance tools is a plus
Professional certifications such as SSCP, CISM, CIPP, CIPM, or CRISC are a plus

Company

Bennett Thrasher

Bennett Thrasher is the eighth largest Atlanta-based full-service certified public accounting and consulting firm.

Funding

Current Stage
Growth Stage

Leadership Team

Ken Thrasher
Co-Founder
Richard A. Bennett
Co-Founder
Company data provided by crunchbase