Governance, Risk, Compliance Analyst

Essential Duties

• Support the implementation of an information security risk management framework to track and manage IT risks, evaluate new and existing risks (including third-party risks), and facilitate risk-based decision-making aligned with the firm’s strategic objectives.

• Conduct technical risk assessments of third parties and business processes to identify, evaluate, and prioritize information security risks, including potential threats, vulnerabilities, and impacts on the organization’s information and technology assets.

• Collaborate with internal stakeholders to develop and implement risk mitigation strategies for findings from external assessments, internal scans, and third-party reviews.

• Serve as a key point of contact for internal teams, including Client and Product Services, by assisting with client due diligence questionnaires related to TCW’s cybersecurity governance, risk management, compliance program, and security controls.

• Prepare detailed risk management reports and assist in defining and tracking key performance indicators (KPIs) and key risk indicators (KRIs) to provide actionable insights to leadership and stakeholders.

• Partner with legal and compliance teams to assess new regulations related to cybersecurity, risk management, client reporting, and ensure regulatory compliance.

• Work closely with internal and external auditors to support security audits, control testing, and SOC 1 user access reviews.

• Stay informed on industry trends, emerging threats, regulatory changes, and best practices in cybersecurity and risk management.

• Assist in the development and maintenance of information security policies, standards, and procedures to support the firm’s security posture.

Required Qualifications

• Bachelor’s degree in Information Security, Computer Science, or a related discipline.

• Minimum of 2 years of experience in information security, risk management, data governance, audit, or compliance.

• Proficient in risk assessment methodologies, tools, and practices.

• Experience participating in information security audits.

• Strong knowledge of risk management frameworks such as NIST, ISO, Cloud Security Alliance, or DORA.

• Familiarity with data privacy regulations such as GDPR and CCPA/CCPRA.

• Excellent communication, collaboration, and interpersonal skills.

Professional Skills

• Exceptional analytical and problem-solving abilities with a keen attention to detail.

• Strong written and verbal communication skills, including the ability to present to both technical and non-technical audiences.

• Highly collaborative with the ability to work effectively across teams, vendors, and partners.

• Self-starter who can manage tasks independently while thriving in a fast-paced environment.

• Strong organizational and multitasking skills.

• Experience with building and enhancing information security processes.

Preferred Qualifications

• Relevant certifications such as CISSP, CISM, CISA, CRISC, or equivalent.

• Understanding of cloud security and governance principles.

• Experience managing IT governance, risk, and compliance in mid-sized to large organizations.

• Background in the financial services industry is a plus.

Compensation

• Base Salary: $110,000 – $130,000 for CA & NY-based positions (subject to experience and qualifications).

• Other Compensation: Eligible for an annual discretionary bonus.

• Benefits: Comprehensive benefits package available. [More information here].

APPLY