Technology Risk and Compliance Analyst

Clearwater Analytics' mission is to become the world's most trusted and comprehensive technology platform for investment reporting, accounting, and analytics.  With our team, you will partner with the most sophisticated and innovative institutional investors around the world. If you are infectiously passionate about what you do, intensely committed to clients, and driven by continuous innovation and improvement... We want you to apply

The Technology Risk and Compliance Analyst plays a pivotal role across multiple dimensions. They are instrumental in crafting responses to security inquiries within "request for proposals" (RFPs) and ensuring their prompt delivery. As the initial point of contact for addressing customer security concerns, they actively seek avenues to optimize the efficiency of the security customer engagement process. Moreover, they utilize structured methods and protocols to identify and assess IT risk, implement pertinent controls, formalize agreements, and diligently follow through on necessary procedures. Effective communication is at the core of their responsibilities, encompassing the dissemination of strategies, standards, policies, procedures, and awareness campaigns to all business partners. They take purposeful actions to guarantee global business units' compliance with relevant frameworks and conduct comprehensive reviews of proposed vendor engagement terms and conditions. Additionally, they apply the company's risk profile, offer pertinent feedback, and meticulously document any deviations from the established processes. 

Responsibilities:

• Assists in the production of response to security questions in "request for proposals" (RFP's) or customer assessments (Due Diligence Questionnaires).
• Acts as first point of escalation for security/compliance questions for current and prospective customers.
• Review third party vendors for security and compliance controls; assesses risk based on a given risk assessment framework (Third Party Risk Management/Vendor Assessment). 
• Review proposed client engagement terms and conditions and apply the company risk profile, providing the appropriate feedback as to any changes needed and documenting exceptions to the process.
• Assists in the collation of Enterprise Risk, control and mitigation updates, along with KRIs.
• Identifies efficiency improvements in the security customer engagement process.
• Communicates strategies, standards, policies, procedures, communications, and awareness efforts with all business partners.
• Takes actions as directed to ensure compliance of global business units in actions necessary to ensure compliance with applicable frameworks.
• Keeps up to date with evolving regulations and legislation related to privacy and security as they pertain to Clearwater. 
• Ability to manage time effectively by hitting assigned deadlines and milestones.
• Requires minimum supervision to work on daily tickets and tasks, can use documentation and team resources to complete most tasks.
• Capably resolves all but the most complex operational issues without the need for escalation. 
• Willingness and ability to maintain a positive, quality-oriented, reliable and flexible attitude.
• Actively seeks opportunities for improving key processes and systems without requiring daily direction. 
• Demonstrates the ability to take on an assignment, project, or problem and lead, define, and implement a solution to completion. 

Requirements:

• Knowledge of SOC 2 and ISO 27001 control frameworks.
• Knowledge of risk frameworks and risk management processes.
• Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important.
• Excellent attention to detail and strong documentation skills.  
• Excellent verbal, written and interpersonal communication skills.
• Experienced in Atlassian (JIRA) and proficient in Microsoft Office.

Experience:

• Demonstrated experience in owning, managing and responding to Client/Prospect Security Assessments (DDQs, RFPs etc.).
• Experience working with Third Party Risk Management/Vendor Assessment tasks.
• Demonstrated experience with SOC 1 and/or SOC 2 audits and monitoring control activities.
• Experience performing or undergoing internal and external audits.
• Experience with compliance, audit, or operations including development of internal controls, policies, and procedures.
• Experience assisting in risk management processes, control frameworks, KRIs.
• Experience communicating technical controls and processes with customers and stakeholders.
• Demonstrated professional application of information security, compliance, assurance and/or other security practices and principles.