TCW Group
Governance, Risk, Compliance Analyst
TCW Group, Los Angeles, California, United States, 90079
Position Summary
Overview:
The Cyber Governance, Risk & Compliance (GRC) function at The TCW Group, Inc. is dedicated to evaluating, directing, and monitoring the firm’s information security governance principles. This function advises and informs key business stakeholders and executive management to achieve balanced, agreed-upon objectives for ongoing compliance. The GRC function also assesses and manages IT risk, oversees the risk profiles of third-party service providers and collaborates with business stakeholders to respond to client due diligence.

Purpose:
The GRC Analyst will help lead the development, enhancement, and implementation of information security risk management frameworks, and help drive security and operations audit, controls, and compliance. This role works closely with internal stakeholders to mature aspects of the GRC program including data governance (e.g., classification, handling, retention), policy development and management, reporting and metrics, and audit.

Essential Duties:
Help implement an information security risk management process to manage and track existing IT risks, assess new IT & third-party risks, and inform risk-based decision making that aligns with overall firm goals and future IT strategic projects.
Assist with technical third-party risk and business process risk assessment activities to identify, evaluate, and prioritize information security risks to the organization – including threats, vulnerabilities, and potential impacts to information and technology assets.
Collaborate with internal stakeholders to drive implementation of effective risk treatment plans of identified risks from external assessments, internal scans, and third parties.
Manage the day-to-day relationship internally with Client and Product Services teams and assist in the completion of client due diligence questionnaire portions regarding TCW’s cybersecurity governance, risk and compliance program and security controls.
Generate comprehensive reports and assist in defining and collecting metrics related to risk management (i.e., KRIs) and GRC program performance (i.e., KPIs) to stakeholders and leadership.
Partner with legal and compliance teams to analyze new and upcoming industry regulations related to cybersecurity controls, risk management and reporting, and client reporting requirements for compliance.
Collaborate with internal and external auditors to facilitate security audits and assessments, control testing, and completing user access reviews for SOC 1 in-scope applications.
Stay current with industry trends and new regulations, emerging threats, and best practices for information security and risk management.
Provide guidance and support in developing and maintaining information security policies, standards, and procedures.

Required Qualifications:
Bachelor’s degree in information security, Computer Science, or a related field.
2+ years of experience in information security, data governance, risk management and reporting, audit and compliance.
Proficiency in risk assessment methodologies, tools, and techniques.
Experience in participating in information security audits.
Excellent communication and interpersonal skills.
Strong understanding of information security risk frameworks (e.g., NIST, ISO, Cloud Security Alliance, DORA).
Familiarity with data privacy guidelines (GDPR, CCPA/CCPRA).

Professional Skills Qualifications:
Excellent analytical and problem-solving skills with attention to detail.
Strong verbal and written communication skills, including presentation and report writing to technical and non-technical audiences.
Highly developed interpersonal skills with the ability to work well with colleagues, vendors, and partners.
Ability to work independently and collaboratively in a fast-paced environment.
High professionalism and strong organizational skills; ability to manage multiple tasks simultaneously.
Experience building and maturing information security processes.

Desired Qualifications:
Relevant certifications such as CISSP, CISM, CISA, CRISC, or other.
Understanding of Cloud governance and security.
Experience with IT governance, risk, and compliance management in a mid-size to large environment.
Experience in the financial services industry.

Estimated Compensation:
Base Salary:
For CA based position, the base salary range is $110K-$130K. This is an anticipated range for the base salary only.
Other Compensation:
Eligible to be considered for an annual discretionary bonus.
Benefits:
Eligible for TCW’s comprehensive benefits package. See more information here.