You will be part of an energetic and dynamic team of information security and IT professionals supporting a global business and customer base. You will provide the glue that binds our fast-paced software development and SaaS business to our compliance, privacy and risk reduction requirements. The GRC Analyst will report to the Global Head of Security and own Litera's Information Security Management System, compliance and risk reduction initiatives. 

What you need:

• Strong initiative, drive and self-direction
• Comfort with change and a fast-paced environment
• Relentless attention to detail
• Ability to influence and persuade

Key Responsibilities:

• Manage and maintain Litera's Information Security Management System (ISMS)
• Assist and advance the business's compliance accreditations such as ISO 27001 and SOC 2
• Work with key business units to drive the adoption, design, implementation, operation, and remediation of control activities and other supporting requirements like policies, standards, processes, system configurations and reporting
• Assist with the creation and maintenance of policies, control specifications, and compliance auditing
• Identify, coordinate, track and report on remediation plans and progress for control deficiencies and risks
• Create, own, and update corrective and preventative action plans
• Assist key leaders with customer security and compliance audits/ assessments
• Provide insight to security team members regarding technical controls and tool effectiveness
• Perform third-party risk assessments and track vendor, supplier and contractor compliance

Qualifications:

• Working knowledge of Information Security Management Systems (ISMS) and the ISO 27001 standard
• Working knowledge of regulatory compliance and privacy standards including GDPR and related sensitive data types
• Five plus years' experience participating in audits, assessments, and other forms of security and compliance oversight
• Demonstrated ability to understand and assess risk, technical and organizational controls, and tradeoffs and implications with business productivity and operations
• Strong understanding of the differences and relationships between security, risk, compliance, and privacy principles
• In-depth understanding of cybersecurity threat and vulnerability types, risk management theory and application of these in practice
• Experience with implementing GRC tools for internal use and in managing third-party risk
• Understanding of multiple security domains such as application security, network security, identity and access management, mobility, and endpoint security

Who We Are:

Litera, headquartered in Chicago, IL, is a fast-growing software company and one of the leading legal technology suppliers in the world. Serving over 90% of the world's largest law firms, our software is used by hundreds of thousands of lawyers every day. As a company recently selected for Crain's Best Places to Work in Chicago, we believe professional development, rewards programs, open communication, and transparent leadership all contribute to a unique and open work environment. Our employees are driven, energetic, passionate, and have the ability to make a direct impact on the future of the company.