Washington
Legal

Risk Analyst

CM Legal

The Risk Analyst is responsible for ensuring consistent risk assessment across the Firm and fostering a risk-aware culture. Reporting to the Director of Information Security and Assurance, the Risk Analyst manages a thematic risk and control program focused on cyber, technology, and operational risks. This includes registering and tracking issues, reporting them to the Chief Information Security Officer (CISO) and stakeholders, and implementing the Firm’s security awareness and training program. The role demands hands-on collaboration with stakeholders and IT implementers.

Qualifications include a Bachelor’s degree in Computer Science or Engineering (advanced degrees and CISSP certification preferred) and over five years of experience in cybersecurity, technology audits, and third-party security risk assessments. Proficiency with risk assessment software like ServiceNow or Archer, and security training software such as Proofpoint, is required. The Analyst will define, document, and manage risk management processes, assess client risks, review SOC 2 and ISO certifications, and provide actionable insights on security controls. They will also report program progress using KPIs and KRIs. Big 4 experience is a plus.

The expected salary range for this position is between $98,000 and $138,000. The actual base salary offered will depend upon a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job.
