IT Enterprise Risk Analyst
Dormont Manufacturing Co
We are a Firm where people truly believe in what they do and strive to achieve the highest standards of performance and success. This position is based in the Firm’s global operations center in Tampa, FL. General Description We are seeking an IT Enterprise Risk Analyst to join our team. The IT Risk Analyst helps manage the Firm’s GRC and IT risk programs, focusing on information security for client data, attorney work, and privileged communications. Reporting to the IT Enterprise Risk Management Manager, the role maintains policies, assesses risks and controls, coordinates third-party reviews, drafts responses for client guidelines, prepares evidence for cyber insurance, and supports audits. Responsibilities align with ISO/IEC 27001/27002, NIST CSF, CIS Controls, SOC 2, HIPAA, GLBA, GDPR, and state privacy laws (e.g., CCPA/CPRA). Key Responsibilities and Essential Job Functions Policy, Standards and Governance Support the development, review, and maintenance of information security and technology risk policies, standards, procedures, and guidance documents. Maintain the policy lifecycle process, including stakeholder reviews, approvals, publication, periodic review schedules, and version control. Map policies/standards to ISO, NIST, CIS Controls, SOC 2, HIPAA, GLBA, U.S. state privacy laws, and EU requirements, and to applicable client Outside Counsel Guidelines and contractual security addenda; maintain crosswalks and control documentation to support audit readiness. Administer policy exception and risk acceptance of workflows, ensuring justification, compensating controls, approvals, and defined expiration/renewal dates. Contribute to awareness materials and operational guidance to promote consistent implementation of requirements. Help maintain controls supporting ethical walls / information barriers, matter‑level access restrictions, and legal hold obligations, under the direction of the Senior Analyst and in partnership with the Office of the General Counsel, Conflicts, and Records & Information Governance. Maintain awareness of the Firm’s professional responsibility obligations, including ABA Model Rules 1.1 (technology competence) and 1.6 (confidentiality of information), and apply that awareness to policy implementation and control activities. Information Security and Technology Risk Management Conduct or facilitate risk assessments for applications, infrastructure, cloud services, Firm‑critical legal‑industry platforms (document management, time and billing, conflicts and new business intake, eDiscovery, and matter management), and key business processes; document risk statements, likelihood/impact, and control effectiveness. Maintain and update the risk register, including inherent and residual ratings, treatment plans, owners, milestones, and status updates. Partner with control owners to identify remediation actions, track progress, and validate closure with appropriate evidence. Support ongoing risk monitoring through key risk indicators (KRIs) and control health metrics, including indicators relevant to the legal sector (e.g., business email compromise and wire‑fraud schemes, ransomware targeting law firms, and client‑confidential data exposure). Draft and contribute to risk reporting and summaries for governance forums under the direction of the IT Enterprise Risk Management Manager, including content packaged for Firm leadership and Firm Management Committee audiences. Support incident response activities by gathering control and risk evidence, contributing to post‑incident lessons learned, and helping ensure resulting control improvements are tracked in the risk register. Vendor/Third Party Risk Management (TPRM) Perform third party security due diligence based on vendor criticality and risk tiering (including third‑industry parties such as co‑counsel and local counsel, eDiscovery and document review providers, expert witnesses, court reporters and translators, legal‑technology SaaS vendors, and managed‑service providers handling client matter data); coordinate security questionnaires and evidence collection. Review assurance artifacts such as SOC reports, ISO certificates, penetration test summaries, security whitepapers, and privacy/security attestations. Identify gaps, document findings, recommend remediation/compensating controls, and track vendor action plans to closure. Partner with Procurement/Legal to ensure contracts include appropriate security and privacy requirements (e.g., breach notification, subcontractor controls, right‑to‑assess, data processing terms, and data residency as applicable). Support periodic vendor reassessments and reassessments triggered by scope changes, incidents, or material updates. Draft initial responses to inbound client security questionnaires and Outside Counsel Guideline (OCG) inquiries for Senior Analyst review; help maintain a controlled answer library and partner with the engagement attorney and Loss Prevention on follow‑ups. Audit, Assurance and Compliance (ISO / NIST / CIS / SOC 2 / HIPAA / GLBA / EU) Support internal and external audits by coordinating evidence collection, control walkthroughs, and timely responses to audit requests. Assist with gap assessments and control testing against ISO 27001/27002, NIST CSF / SP 800‑53 / 800‑171, CIS Controls, SOC 2 Trust Services Criteria, GLBA Safeguards Rule, and HIPAA requirements. Support EU‑aligned compliance activities where applicable (e.g., GDPR security measures and accountability documentation; NIS2‑aligned operational practices). Track audit findings, corrective action plans (CAPs), and management responses; monitor remediation progress and validate closure evidence. Maintain audit artifacts including control matrices, evidence inventories, and standardized templates to improve repeatability and audit readiness. Support control activities related to handling Controlled Unclassified Information (CUI) and other regulated client data for the Firm’s federal, defense, aerospace, and government‑contracts practices, including evidence gathering and documentation aligned with NIST SP 800‑171, CMMC Level 2 readiness, and ITAR/EAR data‑handling requirements, under the direction of the Senior Analyst. Help compile control attestations and evidence packages for the Firm’s annual cyber insurance application and renewal cycle, supporting responses to underwriter and broker inquiries under senior oversight. Expected to maintain a regular and predictable work schedule and full attention to and engagement in work activities on behalf of the firm during business hours unless otherwise approved or required by applicable law. Special projects and duties as assigned. Required Skills Strong written and verbal communication skills; ability to translate control requirements into clear documentation and actionable guidance. Strong organizational skills and attention to detail. Ability to manage multiple priorities and deadlines. Knowledge or ability to learn Microsoft Office Suite, or Microsoft 365. Required Qualifications & Education Bachelor’s degree in information security, Information Technology, Risk Management, Business, or equivalent practical experience. 3+ years of experience in GRC, information security, technology risk management, compliance, internal audit, or third‑party risk management. Working knowledge of ISO/IEC 27000 Family concepts, NIST CSF/SP 800‑53/800‑171, and HIPAA. Familiarity with EU information security and privacy requirements (e.g., GDPR security principles); familiarity with NIS2 is a plus where relevant. Experience collecting, organizing, and validating control evidence and supporting audits/assessments. Certifications – ISACA: CRISC (Certified in Risk and Information Systems Control) and/or CISA (Certified Information Systems Auditor). Preferred Qualifications & Education Prior exposure to GRC, IT risk, or information security work in a law firm, professional services firm, or other client‑confidential environment is preferred. Familiarity with legal‑industry technology (document management such as iManage or NetDocuments; time and billing such as 3E or Aderant; conflicts and new business intake such as Intapp; eDiscovery platforms such as Relativity) and with the data‑sensitivity considerations they raise is a plus. Awareness of the ABA Model Rules of Professional Conduct (in particular Rules 1.1 and 1.6) and applicable state bar requirements relating to technology competence and client confidentiality is preferred. Familiarity with Controlled Unclassified Information (CUI) handling, NIST SP 800‑171, CMMC, and ITAR/EAR data‑handling concepts; prior exposure to federal, defense, or government‑contracts client matters is a plus. Certifications – ISACA: COBIT Foundation, CDPSE, or CGEIT as applicable to governance, privacy, and enterprise risk responsibilities ISO/IEC 27001 Internal Auditor, Lead Implementer, or Lead Auditor. Cloud and platform risk certifications such as Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC‑900), Azure Security Engineer Associate (AZ‑500), or similar. Physical Requirements Ability to sit or stand for extended periods of time. Moderate or advanced keyboard usage. Benefits Our goal is to promote a work environment in which individuals have access to the resources they need to be their best both professionally and personally, which includes resources that encourage individuals to focus on their health and well‑being. Below are the benefits we offer: comprehensive medical (PPO and HDHPs), dental and vision plans including coverage for domestic partners; life and AD&D insurance; short and long term disability insurance; tax‑advantaged accounts for health care expenses, including FSAs and HSAs; FSAs for dependent care; health advocacy services; behavioral health and counseling resources for all family members; 401(k); profit sharing; backup dependent care; senior care planning support; resources for individuals with development disabilities and their caregivers; and paid holidays and other paid time off, including paid leave for new parents. Holland & Knight is an Equal Opportunity Employer and does not discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth or related conditions, transgender status, and sexual orientation), national origin, age, disability, genetic information, veteran status or any other factor prohibited by law. #J-18808-Ljbffr Dormont Manufacturing Co
- Dormont Manufacturing Co in Tampa, FL is seeking an IT Enterprise Risk Analyst to manage GRC and IT risk programs. The role includes assessing risks, coordinating reviews, and developing information security policies in line with established standards. An ideal candidate...Suggested
- Citibank (Switzerland) AG is seeking an ICM CCR Data Analyst - AVP for their Tampa location. This role entails gathering and analyzing operational data to enhance business decision making, while also needing effective communication skills to present findings. The ideal...Suggested
- Holland & Knight LLP in Tampa, FL is seeking an IT Enterprise Risk Analyst focused on managing GRC and IT risk programs, particularly regarding information security for client data. Responsibilities include assessing risks, maintaining security policies, and supporting...Suggested
- ...scripts. Job Summary/Basic Function: Technology Risk Management Core Automation drives operational efficiencies within... ...tool. Principal Responsibilities: Understand cyber and IT best practices including knowledge of frameworks, guidelines, and...Suggested
- ...Cybersecurity & Technology Risk Compliance Analyst Tampa or Coppell, TX CISA, CISM, CISSP, CRISC... ...existing controls and their alignment in the enterprise GRC tool. The ideal candidate has done... ...knowledge of technology controls (IT and cyber) including how they are...SuggestedVisa sponsorship
- Sr IT Governance Risk and Controls Analyst Join to apply for the Sr IT Governance Risk and Controls Analyst role at Refresco Get AI-powered advice on this job and more exclusive features. Our vision is both simple and ambitious: to put our drinks on every table. We are...Full timeTemporary workWork experience placementLocal areaWorldwideFlexible hours
- White- seeks an Analyst, Governance and Risk to protect the firm against cybersecurity threats. This role involves monitoring cybersecurity risks, ensuring compliance with regulations, and maintaining the GRC function. The ideal candidate has 5-7 years of experience in...
- ...Risk & Compliance Administrative Support Responsible for providing administrative, documentation, and coordination support to the Risk & Compliance function. The role supports compliance operations by ensuring accurate records, timely processing, and escalation of...Work at office
- A leading restaurant company in Tampa, Florida is looking for a Claims Risk Analyst to provide operational and analytical support to the workers' compensation and general liability programs. You will assist with claims data reporting, support OSHA recordkeeping, and help...
- ...Product Developer / Business Analyst - Counterparty Credit Risk Stress Testing, Vice President Working at Citi is far more than just a job. A career... ...its business governance framework and has created the Enterprise Data group. Enterprise Data is a critical component of...
$25.77 - $33.83 per hour
Baker Tilly International is looking for a Conflict Analyst in Tampa, Florida, to assist with the Firm’s conflict clearing and client acceptance process. The role involves assessing potential conflicts and requires strong analytical and problem-solving skills. Ideal candidates...Temporary work$80.46k - $142.72k
A leading global consultancy is seeking a GIS Senior Analyst in Tampa, Florida. The role focuses on data management and execution of GIS projects using Esri software, including database management and development of analytical tools. Ideal candidates will have a Bachelor...Flexible hours- A financial services company based in Tampa, Florida, is looking for an experienced Data Analytics professional to join their Risk Management team. This role focuses on advancing risk management through data warehousing and analysis. The ideal candidate will have at least...
- Citigroup Inc. is seeking a Cross-disciplinary Controls Lead Analyst for their Tampa, Florida location. This role involves assessing and enhancing control measures to increase efficiency and reduce risk while ensuring compliance with risk management policies. The ideal...Flexible hours
$70 - $75 per hour
...from Mindlance Subject Matter Expert - Recruitment, Banking & Financial Services | President Club Winner Job Title: Business Analyst - Payments Risk Transformation Program Location: New York, NY /Tampa, FL (Hybrid) Duration: 12+ Months (Possibility of Extension) Job...Contract work- ...Third-Party Risk Management Senior Analyst (MRA Remediation Support) - VP Level New York City, NY or Tampa, FL (Hybrid) 6-12 Months Contract... ...excellent relationship with Markets Business Activity Owners, Enterprise Third Party Management, Operational Risk Management and...Contract work
$31.44 - $43.26 per hour
...company protecting organizations’ greatest assets and biggest risks: vulnerabilities in people. The Role This opportunity is for a... ...with both business leaders and technical staff at large-scale enterprises to drive a stronger information protection and compliance posture...Flexible hours- ...be a U.S. Citizen without dual citizenship. This role is remote. The Risk, Quality, and Performance Analyst serves as the Risk, Quality, and Performance Analyst supporting an enterprise IT services contract. This role is responsible for monitoring and reporting on...Minimum wageFull timeContract workTemporary workWork experience placementRemote work
- ...Description & Requirements Maximus is currently seeking an Analyst - IT Service Management. This is a remote position.... ..., hardware, and application issues. - Supports large-scale enterprise IT environments, following established processes, procedures,...Minimum wageFull timeContract workTemporary workWork experience placementRemote work
- A financial technology company in Tampa, Florida, is seeking a Data Analyst to support their Credit Risk team. The candidate will execute direct mail and ITA campaigns, perform credit risk analysis, and monitor campaign performance. Ideal candidates will have a Bachelor...
- ...you do? Design, implement, and govern the enterprise Citizen Development program, including... ...proactive identification of non‑compliance, risk escalation, and coordination of... ...ensure quality and compliance. Partner with IT, Security, Risk, Architecture, Legal, and...Flexible hours
- The Mosaic Company is seeking a qualified individual to lead its enterprise Citizen Development program in Tampa, Florida. This role... ...initiatives. Candidates should possess strong communication skills, IT governance experience, and the ability to influence stakeholders...
- Business Risk Officer/Issues Management Support Analyst 6+ Months Tampa, FL (Hybrid- 3 Days Onsite) $50/Hr on W2 Responsibilities: Designing, developing, delivering and maintaining best-in-class Compliance Issues Management programs, policies and practices for ICRM...Flexible hours
$87.28k - $130.92k
...sector that shapes your daily life, our Enterprise Operations & Technology teams are charged... ...defense for wholesale and counterparty credit risk management and works with Independent... ...Overview of the Role The Business Analytics Sr Analyst is a seasoned professional role. Applies...Full time- Citigroup Inc. is looking for a Wholesale Lending Data Analyst located in Tampa, Florida. This role is pivotal in contributing to the Enterprise Data Governance strategy and ensuring compliance across the organization. The successful candidate will partner with various...
$31.25 per hour
Benefits 401(k) 401(k) matching Position Summary The Data Quality Analyst plays a critical role in maintaining and enhancing the quality, accuracy, and integrity of GoldenWolf's enterprise data assets. This position is responsible for managing data sustainment processes...Hourly payPart timeLocal areaRemote work- ...a **Senior Workday Reporting & Analytics Analyst** to drive the design, development, optimization... ..., and will collaborate closely with HR, IT, and cross-functional partners to... ...frameworks to ensure consistency across the enterprise.* Collaborate on HR process improvement,...Work at office
- ...Business Analytics and Recognition Data Analyst to join our team! The Business Analytics... ...Marketing leadership and in partnership with the Enterprise Project Management Office (EPMO) as well... ...Management, Finance, Human Resources, IT, and Innovation teams to promote...Temporary workWork at office
$113.84k - $170.76k
The Wholesale Lending Data Analyst is responsible for contributing to the directional strategy and assisting in creation and modification of Enterprise Data Governance Strategy, and/or Data Risk and Control Framework and Data Risk Taxonomy. The focus of this role may be...Flexible hours$112.84k - $149.5k
...Description GDIT is looking for a Strategic Information Technology (IT) Analyst and Task Manager to support strategic and operational... ...support the transformation, optimization, and governance of the IT enterprise. Areas of Focus include: Provide subject matter expertise...Work experience placementWork at office
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to IT Enterprise Risk Analyst. Be the first to apply!
- operational risk specialist Tampa, FL
- risk analyst Tampa, FL
- risk compliance officer Tampa, FL
- governance risk & compliance analyst Tampa, FL
- risk officer Tampa, FL
- senior quantitative risk analyst Tampa, FL
- third party risk analyst Tampa, FL
- operational risk consultant Tampa, FL
- it risk analyst Tampa, FL
- information risk analyst Tampa, FL


