IT GRC Analyst

Job Description

Fragomen is seeking a Compliance Analyst to join our talented Compliance Response Team.

A Fragomen career gives you the opportunity to work with a smart, motivated and diverse peer group. Our exclusive focus on immigration means you will practice in an exciting, ever-changing and challenging environment with people who are passionate about immigration. Working in a collegial, team-oriented environment, Fragomen employees learn from the industry's leading experts. Our firm commitment to quality and best practices is supported by technological innovation that benefits our clients and staff.

Fragomen strongly affirms that the demonstration of data privacy and security is critical to meet our obligations to our clients and distinguishes our business offerings in this competitive market.

The Compliance Analyst will report directly to the Governance, Risk, and Compliance Operations Manager.

We seek a professional, diligent individual that can keep up with the high demand of client and partner requests that support, identify and demonstrate Fragomen’s security controls.

A candidate should

• have thorough knowledge of IT Security controls to include basic understanding of Cybersecurity frameworks such as NIST 800-53, ISO 27001, SOC 2 type 2 and CIS controls. The candidate should have experience collecting evidence from internal stakeholders and presenting them to external auditors.
• have a strong understanding of cybersecurity risk management, including how to document risks and develop risk treatment plans
• understand and be able to articulate the relationship between cybersecurity and internal general controls (ITGC), compliance obligations and risk reduction
• have experience configuring and using common GRC platforms, such as Vanta, Drata, and Apptega
• have experience drafting IT policies that align with industry best practices
• understand vendor and third-party risk management processes
• Have experience with supporting cybersecurity awareness programs
• be knowledgeable of the global regulatory landscape and capable of communicating the Firm’s efforts in this area.
• be collaborative and team oriented as a member of Fragomen’s Governance, Risk & Compliance (GRC) team which helps make data privacy and security a distinguishing factor in our technological offerings.

A successful candidate will demonstrate these competencies and possess excellent communication skills to communicate our data security, data privacy and compliance efforts to our global partners, senior leadership, and Clients.

Responsibilities will center around demonstrating to Clients Fragomen’s secure operational environment and foundational security policies and principles through the completion of client questionnaires, external certifications, Client audits, RFPs, and technical assessments.

What a Compliance Analyst Does at Fragomen:

Operationalizing Risk Management:

• Understand industry standard cybersecurity risks and how controls affect them.
• Understand how GRC platforms work and how they support Risk Management
• Develop trusted relationships with senior business partners to gain an in-depth understanding of key business processes, products and services, and influences others to ensure business case and customer satisfaction goals are met.

• Acquire fundamental knowledge of all Fragomen areas to better understand emerging risks.
  • Support the Service Delivery function to deliver reliable, best-in-class support services in a manner that meets our contractual obligations and delights our customers and clients.
  • Assist with vendor and third-party risk management

IT Compliance

• Support ISO 27001, SOC 2 type 2 and PCI audits by gathering and documenting how Fragomen is meeting the control objectives identified in these standards
• Support completing client facing requests demonstrating Fragomen’s security controls to include demonstrating and understanding technical security controls.
• Work closely with IT internal audit to meet IT security compliance obligations

Assistance in GRC Operations:

• Collaboratively work with teammat