We are Relativity, a market-leading, global tech company that equips legal professionals with a powerful platform to organize data, discover the truth, and act on it. The U.S. Department of Justice, 198 of the top 200 U.S. law firms, and more than 70 Fortune 100 companies are among our customers who trust Relativity during litigation, internal investigations, and compliance projects.
Our SaaS product, RelativityOne, has become the fastest-growing product in the company's history and we have consistently been named a great workplace. As we grow, we continue to seek individuals that will bring their whole self to our team atmosphere.
Join us in the transformation of the legal industry and play a pivotal role in shaping the future of the practice of law and beyond.
The Compliance Analyst reports to the Director, Global Risk & Compliance and will coordinate compliance monitoring activities within Relativity vendors and partners. The Relativity Information Security, Risk and Privacy program (ISRP) spans commercial, government and protected-data standards. This role is driving expansion, standardization and simplification of the testing and documentation required for our control environment. This role works in partnership with multiple Relativity departments and locations as we extend our SaaS offering globally and across industries.
- Under the direction of the Director, Global Risk & Compliance and in support of our risk and compliance team leads, this role is engaged in the evaluation and improvement of ongoing security and control effectiveness through
- Responsible for initiating recurring testing activities, coordination and tracking of test evidence and conducting compliance reviews of test results, especially for our FedRAMP authorization activities
- Actively supports the identification and assessment of the risk/impact of changes to control processes across our ISRP program
- Participates in the deployment and validation of new information security control standards across Relativity departments and/or with vendors and business partners where appropriate
- Responsible for the coordination of revisions and/or retention of ISRP program-related documentation.
- Identifies opportunities for simplification of program documentation to support shared understanding across multiple standards.
- Assists with the development of policies, procedures and workflows to provide clear process understanding and meet compliance documentation standards
- Collaboratively challenges the status quo of current processes and suggests improvements, automation or alternatives.
- Assists with research and interpretation of regulatory frameworks, compliance standards, and compliance and best-practice procedures.
- Looks for ways to balance risk management and creativity in responding to business / technical opportunities.
- Two years of experience auditing and/or monitoring the effectiveness of information security, privacy and technology risks, processes and controls.
- Able to demonstrate a working knowledge of key principles of information technology general controls, including change management, access to programs and data, segregation of duties, asset management, computer operations, encryption practices and secure software development.
- Training and/or direct work experience with one or more core IT auditing standards (such as: ISO 27001, SOC 2 Trust Principles, Sarbanes-Oxley Act) is preferred.
- Knowledge of one or more industry guidelines (such as: FedRAMP, NIST 800-53, COBIT) is desirable.
- Knowledge of privacy concepts (such as GDPR, HIPAA, ISO 27018) is desirable.
- Experience in a cloud-based (SaaS) software development environment and/or knowledge of ISO 27017 concepts is ideal for this role.