Overview
The Senior Information Governance Compliance Analyst has a specialized focus and expertise in IG risk and compliance issues. The Senior IG Compliance Analyst has an understanding of global regulatory laws with which the firm must comply. The Senior IG Compliance Analyst develops procedures, policies, and programs to promote, monitor, maintain, and train on compliance with laws, local guidance, and firm policies. The Senior IG Compliance Analyst will provide guidance on how evolving technologies are used, including AI tools, and how data is stored or used. The Senior IG Compliance Analyst combines technical skills with strong analytical, customer service and communication skills.
Responsibilities
- Analyze current IG risk and compliance processes, procedures and technologies and identify gaps or areas of improvement. Recommend and execute plans to close gaps. Recommend enhancements/ improvements to existing policies. Conduct routine audits to ensure compliance with processes and procedures.
- Stay informed of new regulatory guidance and laws in all countries in which the firm has offices. Consult with colleagues in other offices to understand the privacy and regulatory landscapes. Draft communications to inform stakeholders at the firm.
- Respond to client audits, in collaboration with the Information Security Risk & Compliance team. Respond to Outside Counsel Guideline requests, with Information Security and the IG Disposition Specialist.
- Review and provide guidance on new software and services, in collaboration with Information Security. Provide guidance as a member of the IT Architectural Review Board on implementation of new tools.
- Provide guidance on the classification of data, especially relating to network shares.
- Identify where Know Your Client (KYC) data is stored at the firm. Develop and maintain a process to audit for KYC data on a recurring basis, determining when retention has been met based on regulations, and the process for purging the data.
- Advise on best practices and requirements for storing files containing Protected Health Information and Personally Identifiable information. Improve processes for monitoring compliance with PHI and PII document storage in the DMS and other approved firm repositories. Develop and maintain user facing documentation and materials regarding storage procedures. Participate in presentation development and facilitation for PHI and PII best practices training. Perform routine audits to ensure sensitive data is not retained longer than needed.
- Coordinate with paralegals and attorneys to obtain and execute Business Associate Agreements and Sub-Business Associate Agreements. Maintain the firm’s BAA and sub-BAA libraries. Coordinate with IG team members when a PHI document storage request requires a BAA on file. Perform routine audits to ensure BAAs are in place where needed.
- Assist with matter mobility, file transfer reviews, attorney departures, and personal document reviews as needed.
- Review requests from users and clients to use removable media and cloud-based storage or collaboration services, such as Box.com. Respond to other ticket as needed.
Qualifications
- Bachelor’s degree required. Degree in a relevant field strongly preferred.
- 5-7 years of law firm experience required, preferably in Information Governance, Compliance, and/or Risk Management.
- Experience with security & privacy standards and regulations such as GDPR or HIPAA required.
- Experience with iManage Work and associated support tools strongly preferred.
- Excellent Excel, Word and Outlook skills required. Strong PowerPoint skills preferred.
- Experience with Microsoft E5 Compliance, Information Protection, and Purview strongly preferred.
- Experience with cloud software services and generative AI strongly preferred, including Box.com.
- Strong business analysis, troubleshooting, problem solving, quality assurance and project management skills.
- Exceptional attention to detail required.
- Ability to work with a variety of people at all levels within the organization.
- Clear and precise communication skills.
- Demonstrated ability to manage competing projects, individually and as part of a team, while prioritizing work based on the needs of the department, user needs, and ticket due dates.
#Indeed