Global Security GRC Analyst (Governance, Risk, and Compliance)

Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.

The Global Security GRC Analyst will operate across various operational security control domains to identify, track, and support the management of information security, physical security, and business resilience (continuity and disaster recovery) risks and controls. The role involves working closely with decision-makers across the organization to identify, recommend, develop, implement, and support effective solutions and compliance for client security requirements and security risk-related aspects of the Firm.

Responsibilities

• Manage, review, and respond to client security requests, assessments, and audits.
• Monitor, assess, and report on physical, geographical, and environmental events in collaboration with global and regional teams, ensuring timely response and thorough investigation of alerts.
• Support internal and external audit functions regarding business continuity, resilience, and physical security matters.
• Report on annual internal security audits.
• Work directly with technology, legal, risk, and other teams to identify and evaluate potential risks.
• Assist in developing, enhancing, and maintaining crisis and security management procedures, resilience, business continuity management policies, and physical security processes.
• Monitor, track, and assess security framework compliance, including ISO 27001, ISO 22301, and SOC2.
• Help manage relationships with critical third-party suppliers to ensure their alignment with the firm’s continuity and security needs.
• Stay up to date with industry and regulatory developments to ensure compliance and relevance in our client assurance, business continuity, and physical security programs.

For this role, we value ability, attitude, and aptitude over experience and skills, as we have a strong training ethos.

• Ability – quick to learn new skills and concepts.
• Attitude – self-motivated, driven, passionate about solving problems and getting the job done right.
• Aptitude – great at solving problems and unravelling puzzles.
• Able to effectively multi-task, prioritize, and execute tasks in an exciting and busy environment.
• Can work independently and collaborate with geographically dispersed teams.
• Excellent written and verbal communication, interpersonal, intercultural, and presentation skills.
• Occasional travel to support global cybersecurity operations and incident response may be necessary.

Ideal candidate will have the following technical experience:

• Professional experience in a support role within Business Continuity or Physical Security in a complex environment. Experience in professional services or a partnership environment is beneficial.
• Knowledge of information security, physical security, and information governance processes and technologies.
• Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks.
• Experience with client audit processes.
• Knowledge and experience of protective and detective controls, and standards such as the NIST Cybersecurity Framework, ISO-27001, PCI-DSS, and Sarbanes-Oxley, providing oversight to embed those standards with technical and security architecture frameworks.
• Preferred industry certifications include CBCI, DRI, CISA, CISM, CRISC.
• Proven ability to influence and communicate effectively at all levels, from technical contributors to senior management.
• Experience with governance documents, including policies, standards, baselines, procedures, and guidelines.
• Familiarity with IT Disaster Recovery and IT Services Continuity Management.
• Basic knowledge of Risk Management and international regulatory requirements related to Business Continuity.

Remuneration and benefits will reflect the successful candidate's experience and the country where hired.