Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

IT Enterprise Risk Analyst

Dormont Manufacturing Co

We are a Firm where people truly believe in what they do and strive to achieve the highest standards of performance and success. This position is based in the Firm’s global operations center in Tampa, FL. General Description We are seeking an IT Enterprise Risk Analyst to join our team. The IT Risk Analyst helps manage the Firm’s GRC and IT risk programs, focusing on information security for client data, attorney work, and privileged communications. Reporting to the IT Enterprise Risk Management Manager, the role maintains policies, assesses risks and controls, coordinates third-party reviews, drafts responses for client guidelines, prepares evidence for cyber insurance, and supports audits. Responsibilities align with ISO/IEC 27001/27002, NIST CSF, CIS Controls, SOC 2, HIPAA, GLBA, GDPR, and state privacy laws (e.g., CCPA/CPRA). Key Responsibilities and Essential Job Functions Policy, Standards and Governance Support the development, review, and maintenance of information security and technology risk policies, standards, procedures, and guidance documents. Maintain the policy lifecycle process, including stakeholder reviews, approvals, publication, periodic review schedules, and version control. Map policies/standards to ISO, NIST, CIS Controls, SOC 2, HIPAA, GLBA, U.S. state privacy laws, and EU requirements, and to applicable client Outside Counsel Guidelines and contractual security addenda; maintain crosswalks and control documentation to support audit readiness. Administer policy exception and risk acceptance of workflows, ensuring justification, compensating controls, approvals, and defined expiration/renewal dates. Contribute to awareness materials and operational guidance to promote consistent implementation of requirements. Help maintain controls supporting ethical walls / information barriers, matter‑level access restrictions, and legal hold obligations, under the direction of the Senior Analyst and in partnership with the Office of the General Counsel, Conflicts, and Records & Information Governance. Maintain awareness of the Firm’s professional responsibility obligations, including ABA Model Rules 1.1 (technology competence) and 1.6 (confidentiality of information), and apply that awareness to policy implementation and control activities. Information Security and Technology Risk Management Conduct or facilitate risk assessments for applications, infrastructure, cloud services, Firm‑critical legal‑industry platforms (document management, time and billing, conflicts and new business intake, eDiscovery, and matter management), and key business processes; document risk statements, likelihood/impact, and control effectiveness. Maintain and update the risk register, including inherent and residual ratings, treatment plans, owners, milestones, and status updates. Partner with control owners to identify remediation actions, track progress, and validate closure with appropriate evidence. Support ongoing risk monitoring through key risk indicators (KRIs) and control health metrics, including indicators relevant to the legal sector (e.g., business email compromise and wire‑fraud schemes, ransomware targeting law firms, and client‑confidential data exposure). Draft and contribute to risk reporting and summaries for governance forums under the direction of the IT Enterprise Risk Management Manager, including content packaged for Firm leadership and Firm Management Committee audiences. Support incident response activities by gathering control and risk evidence, contributing to post‑incident lessons learned, and helping ensure resulting control improvements are tracked in the risk register. Vendor/Third Party Risk Management (TPRM) Perform third party security due diligence based on vendor criticality and risk tiering (including third‑industry parties such as co‑counsel and local counsel, eDiscovery and document review providers, expert witnesses, court reporters and translators, legal‑technology SaaS vendors, and managed‑service providers handling client matter data); coordinate security questionnaires and evidence collection. Review assurance artifacts such as SOC reports, ISO certificates, penetration test summaries, security whitepapers, and privacy/security attestations. Identify gaps, document findings, recommend remediation/compensating controls, and track vendor action plans to closure. Partner with Procurement/Legal to ensure contracts include appropriate security and privacy requirements (e.g., breach notification, subcontractor controls, right‑to‑assess, data processing terms, and data residency as applicable). Support periodic vendor reassessments and reassessments triggered by scope changes, incidents, or material updates. Draft initial responses to inbound client security questionnaires and Outside Counsel Guideline (OCG) inquiries for Senior Analyst review; help maintain a controlled answer library and partner with the engagement attorney and Loss Prevention on follow‑ups. Audit, Assurance and Compliance (ISO / NIST / CIS / SOC 2 / HIPAA / GLBA / EU) Support internal and external audits by coordinating evidence collection, control walkthroughs, and timely responses to audit requests. Assist with gap assessments and control testing against ISO 27001/27002, NIST CSF / SP 800‑53 / 800‑171, CIS Controls, SOC 2 Trust Services Criteria, GLBA Safeguards Rule, and HIPAA requirements. Support EU‑aligned compliance activities where applicable (e.g., GDPR security measures and accountability documentation; NIS2‑aligned operational practices). Track audit findings, corrective action plans (CAPs), and management responses; monitor remediation progress and validate closure evidence. Maintain audit artifacts including control matrices, evidence inventories, and standardized templates to improve repeatability and audit readiness. Support control activities related to handling Controlled Unclassified Information (CUI) and other regulated client data for the Firm’s federal, defense, aerospace, and government‑contracts practices, including evidence gathering and documentation aligned with NIST SP 800‑171, CMMC Level 2 readiness, and ITAR/EAR data‑handling requirements, under the direction of the Senior Analyst. Help compile control attestations and evidence packages for the Firm’s annual cyber insurance application and renewal cycle, supporting responses to underwriter and broker inquiries under senior oversight. Expected to maintain a regular and predictable work schedule and full attention to and engagement in work activities on behalf of the firm during business hours unless otherwise approved or required by applicable law. Special projects and duties as assigned. Required Skills Strong written and verbal communication skills; ability to translate control requirements into clear documentation and actionable guidance. Strong organizational skills and attention to detail. Ability to manage multiple priorities and deadlines. Knowledge or ability to learn Microsoft Office Suite, or Microsoft 365. Required Qualifications & Education Bachelor’s degree in information security, Information Technology, Risk Management, Business, or equivalent practical experience. 3+ years of experience in GRC, information security, technology risk management, compliance, internal audit, or third‑party risk management. Working knowledge of ISO/IEC 27000 Family concepts, NIST CSF/SP 800‑53/800‑171, and HIPAA. Familiarity with EU information security and privacy requirements (e.g., GDPR security principles); familiarity with NIS2 is a plus where relevant. Experience collecting, organizing, and validating control evidence and supporting audits/assessments. Certifications – ISACA: CRISC (Certified in Risk and Information Systems Control) and/or CISA (Certified Information Systems Auditor). Preferred Qualifications & Education Prior exposure to GRC, IT risk, or information security work in a law firm, professional services firm, or other client‑confidential environment is preferred. Familiarity with legal‑industry technology (document management such as iManage or NetDocuments; time and billing such as 3E or Aderant; conflicts and new business intake such as Intapp; eDiscovery platforms such as Relativity) and with the data‑sensitivity considerations they raise is a plus. Awareness of the ABA Model Rules of Professional Conduct (in particular Rules 1.1 and 1.6) and applicable state bar requirements relating to technology competence and client confidentiality is preferred. Familiarity with Controlled Unclassified Information (CUI) handling, NIST SP 800‑171, CMMC, and ITAR/EAR data‑handling concepts; prior exposure to federal, defense, or government‑contracts client matters is a plus. Certifications – ISACA: COBIT Foundation, CDPSE, or CGEIT as applicable to governance, privacy, and enterprise risk responsibilities ISO/IEC 27001 Internal Auditor, Lead Implementer, or Lead Auditor. Cloud and platform risk certifications such as Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC‑900), Azure Security Engineer Associate (AZ‑500), or similar. Physical Requirements Ability to sit or stand for extended periods of time. Moderate or advanced keyboard usage. Benefits Our goal is to promote a work environment in which individuals have access to the resources they need to be their best both professionally and personally, which includes resources that encourage individuals to focus on their health and well‑being. Below are the benefits we offer: comprehensive medical (PPO and HDHPs), dental and vision plans including coverage for domestic partners; life and AD&D insurance; short and long term disability insurance; tax‑advantaged accounts for health care expenses, including FSAs and HSAs; FSAs for dependent care; health advocacy services; behavioral health and counseling resources for all family members; 401(k); profit sharing; backup dependent care; senior care planning support; resources for individuals with development disabilities and their caregivers; and paid holidays and other paid time off, including paid leave for new parents. Holland & Knight is an Equal Opportunity Employer and does not discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth or related conditions, transgender status, and sexual orientation), national origin, age, disability, genetic information, veteran status or any other factor prohibited by law. #J-18808-Ljbffr Dormont Manufacturing Co

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the IT Enterprise Risk Analyst in Tampa, FL vacancy
  • Dormont Manufacturing Co in Tampa, FL is seeking an IT Enterprise Risk Analyst to manage GRC and IT risk programs. The role includes assessing risks, coordinating reviews, and developing information security policies in line with established standards. An ideal candidate... 
    Suggested

    Dormont Manufacturing Co

    Tampa, FL
    2 days ago
  • Citibank (Switzerland) AG is seeking an ICM CCR Data Analyst - AVP for their Tampa location. This role entails gathering and analyzing operational data to enhance business decision making, while also needing effective communication skills to present findings. The ideal... 
    Suggested

    Citibank (Switzerland) AG

    Tampa, FL
    3 days ago
  • Holland & Knight LLP in Tampa, FL is seeking an IT Enterprise Risk Analyst focused on managing GRC and IT risk programs, particularly regarding information security for client data. Responsibilities include assessing risks, maintaining security policies, and supporting... 
    Suggested

    Holland & Knight LLP

    Tampa, FL
    2 days ago
  •  ...scripts. Job Summary/Basic Function: Technology Risk Management Core Automation drives operational efficiencies within...  ...tool. Principal Responsibilities: Understand cyber and IT best practices including knowledge of frameworks, guidelines, and... 
    Suggested

    Macpower Digital Assets Edge

    Tampa, FL
    2 days ago
  •  ...Cybersecurity & Technology Risk Compliance Analyst Tampa or Coppell, TX CISA, CISM, CISSP, CRISC...  ...existing controls and their alignment in the enterprise GRC tool. The ideal candidate has done...  ...knowledge of technology controls (IT and cyber) including how they are... 
    Suggested
    Visa sponsorship

    ESR Healthcare

    Tampa, FL
    3 days ago
  • Sr IT Governance Risk and Controls Analyst Join to apply for the Sr IT Governance Risk and Controls Analyst role at Refresco Get AI-powered advice on this job and more exclusive features. Our vision is both simple and ambitious: to put our drinks on every table. We are... 
    Full time
    Temporary work
    Work experience placement
    Local area
    Worldwide
    Flexible hours

    Refresco

    Tampa, FL
    1 day ago
  • White- seeks an Analyst, Governance and Risk to protect the firm against cybersecurity threats. This role involves monitoring cybersecurity risks, ensuring compliance with regulations, and maintaining the GRC function. The ideal candidate has 5-7 years of experience in... 

    White-

    Tampa, FL
    2 days ago
  •  ...Risk & Compliance Administrative Support Responsible for providing administrative, documentation, and coordination support to the Risk & Compliance function. The role supports compliance operations by ensuring accurate records, timely processing, and escalation of... 
    Work at office

    Sims Crane & Equipment Co.

    Tampa, FL
    2 days ago
  • A leading restaurant company in Tampa, Florida is looking for a Claims Risk Analyst to provide operational and analytical support to the workers' compensation and general liability programs. You will assist with claims data reporting, support OSHA recordkeeping, and help... 

    Bloomin Brands

    Tampa, FL
    4 days ago
  •  ...Product Developer / Business Analyst - Counterparty Credit Risk Stress Testing, Vice President Working at Citi is far more than just a job. A career...  ...its business governance framework and has created the Enterprise Data group. Enterprise Data is a critical component of... 

    Citigroup

    Tampa, FL
    4 days ago
  • $25.77 - $33.83 per hour

    Baker Tilly International is looking for a Conflict Analyst in Tampa, Florida, to assist with the Firm’s conflict clearing and client acceptance process. The role involves assessing potential conflicts and requires strong analytical and problem-solving skills. Ideal candidates... 
    Temporary work

    Baker Tilly International

    Tampa, FL
    2 days ago
  • $80.46k - $142.72k

    A leading global consultancy is seeking a GIS Senior Analyst in Tampa, Florida. The role focuses on data management and execution of GIS projects using Esri software, including database management and development of analytical tools. Ideal candidates will have a Bachelor... 
    Flexible hours

    Arcadis

    Tampa, FL
    14 days ago
  • A financial services company based in Tampa, Florida, is looking for an experienced Data Analytics professional to join their Risk Management team. This role focuses on advancing risk management through data warehousing and analysis. The ideal candidate will have at least... 

    The Depository Trust & Clearing Corporation

    Tampa, FL
    4 days ago
  • Citigroup Inc. is seeking a Cross-disciplinary Controls Lead Analyst for their Tampa, Florida location. This role involves assessing and enhancing control measures to increase efficiency and reduce risk while ensuring compliance with risk management policies. The ideal... 
    Flexible hours

    Citigroup Inc.

    Tampa, FL
    2 days ago
  • $70 - $75 per hour

     ...from Mindlance Subject Matter Expert - Recruitment, Banking & Financial Services | President Club Winner Job Title: Business Analyst - Payments Risk Transformation Program Location: New York, NY /Tampa, FL (Hybrid) Duration: 12+ Months (Possibility of Extension) Job... 
    Contract work

    Mindlance

    Tampa, FL
    1 day ago
  •  ...Third-Party Risk Management Senior Analyst (MRA Remediation Support) - VP Level New York City, NY or Tampa, FL (Hybrid) 6-12 Months Contract...  ...excellent relationship with Markets Business Activity Owners, Enterprise Third Party Management, Operational Risk Management and... 
    Contract work

    Syntricate Technologies

    Tampa, FL
    2 days ago
  • $31.44 - $43.26 per hour

     ...company protecting organizations’ greatest assets and biggest risks: vulnerabilities in people. The Role This opportunity is for a...  ...with both business leaders and technical staff at large-scale enterprises to drive a stronger information protection and compliance posture... 
    Flexible hours

    Proofpoint

    Tampa, FL
    3 days ago
  •  ...be a U.S. Citizen without dual citizenship. This role is remote. The Risk, Quality, and Performance Analyst serves as the Risk, Quality, and Performance Analyst supporting an enterprise IT services contract. This role is responsible for monitoring and reporting on... 
    Minimum wage
    Full time
    Contract work
    Temporary work
    Work experience placement
    Remote work

    Maximus

    Tampa, FL
    1 day ago
  •  ...Description & Requirements Maximus is currently seeking an Analyst - IT Service Management. This is a remote position....  ..., hardware, and application issues. - Supports large-scale enterprise IT environments, following established processes, procedures,... 
    Minimum wage
    Full time
    Contract work
    Temporary work
    Work experience placement
    Remote work

    Maximus

    Tampa, FL
    3 days ago
  • A financial technology company in Tampa, Florida, is seeking a Data Analyst to support their Credit Risk team. The candidate will execute direct mail and ITA campaigns, perform credit risk analysis, and monitor campaign performance. Ideal candidates will have a Bachelor... 

    Continental Finance Company

    Tampa, FL
    3 days ago
  •  ...you do? Design, implement, and govern the enterprise Citizen Development program, including...  ...proactive identification of non‑compliance, risk escalation, and coordination of...  ...ensure quality and compliance. Partner with IT, Security, Risk, Architecture, Legal, and... 
    Flexible hours

    Dormont Manufacturing Company

    Tampa, FL
    3 days ago
  • The Mosaic Company is seeking a qualified individual to lead its enterprise Citizen Development program in Tampa, Florida. This role...  ...initiatives. Candidates should possess strong communication skills, IT governance experience, and the ability to influence stakeholders... 

    Dormont Manufacturing Co

    Tampa, FL
    2 days ago
  • Business Risk Officer/Issues Management Support Analyst 6+ Months Tampa, FL (Hybrid- 3 Days Onsite) $50/Hr on W2 Responsibilities: Designing, developing, delivering and maintaining best-in-class Compliance Issues Management programs, policies and practices for ICRM... 
    Flexible hours

    Syntricate Technologies

    Tampa, FL
    1 day ago
  • $87.28k - $130.92k

     ...sector that shapes your daily life, our Enterprise Operations & Technology teams are charged...  ...defense for wholesale and counterparty credit risk management and works with Independent...  ...Overview of the Role The Business Analytics Sr Analyst is a seasoned professional role. Applies... 
    Full time

    Citi

    Tampa, FL
    2 days ago
  • Citigroup Inc. is looking for a Wholesale Lending Data Analyst located in Tampa, Florida. This role is pivotal in contributing to the Enterprise Data Governance strategy and ensuring compliance across the organization. The successful candidate will partner with various... 

    Citigroup Inc.

    Tampa, FL
    9 days ago
  • $31.25 per hour

    Benefits 401(k) 401(k) matching Position Summary The Data Quality Analyst plays a critical role in maintaining and enhancing the quality, accuracy, and integrity of GoldenWolf's enterprise data assets. This position is responsible for managing data sustainment processes... 
    Hourly pay
    Part time
    Local area
    Remote work

    GoldenWolf, LLC

    Brandon, FL
    2 days ago
  •  ...a **Senior Workday Reporting & Analytics Analyst** to drive the design, development, optimization...  ..., and will collaborate closely with HR, IT, and cross-functional partners to...  ...frameworks to ensure consistency across the enterprise.* Collaborate on HR process improvement,... 
    Work at office

    Shift4 Corporation

    Tampa, FL
    5 days ago
  •  ...Business Analytics and Recognition Data Analyst to join our team! The Business Analytics...  ...Marketing leadership and in partnership with the Enterprise Project Management Office (EPMO) as well...  ...Management, Finance, Human Resources, IT, and Innovation teams to promote... 
    Temporary work
    Work at office

    Holland & Knight

    Tampa, FL
    1 day ago
  • $113.84k - $170.76k

    The Wholesale Lending Data Analyst is responsible for contributing to the directional strategy and assisting in creation and modification of Enterprise Data Governance Strategy, and/or Data Risk and Control Framework and Data Risk Taxonomy. The focus of this role may be... 
    Flexible hours

    Citigroup Inc.

    Tampa, FL
    4 days ago
  • $112.84k - $149.5k

     ...Description GDIT is looking for a Strategic Information Technology (IT) Analyst and Task Manager to support strategic and operational...  ...support the transformation, optimization, and governance of the IT enterprise. Areas of Focus include: Provide subject matter expertise... 
    Work experience placement
    Work at office

    Dormont Manufacturing Co

    Tampa, FL
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to IT Enterprise Risk Analyst. Be the first to apply!