Compliance Analyst 19-0425
We are Relativity. A market-leading, global tech company that equips legal professionals with a powerful platform to organize data, discover the truth, and act on it. The U.S. Department of Justice, 198 of top 200 U.S. law firms, and more than 70 Fortune 100 companies are among our customers who trust Relativity during litigation, internal investigations, and compliance projects.
Our SaaS product, RelativityOne, has become the fastest-growing product in the company's history and we have consistently been named a great workplace. As we grow, we continue to seek individuals that will bring their whole self to our team atmosphere.
Join us in the transformation of the legal industry and play a pivotal role in shaping the future of the practice of law and beyond.
This is a critical coordinating role in the Relativity compliance team for maintaining the completeness, accuracy and timeliness of our Information Security, Risk and Privacy (ISRP) Program, which includes multiple control frameworks, including SOC 2, ISO 27001, CSA, PCI, HIPAA, GDPR and FedRAMP. As a member of the Compliance team in the Security function, you will create and coordinate the processes for aligning and managing changes in the set of governed documentation and underlying data for measuring the effectiveness of our ISRP program.
ISRP Program – Governed Documentation Alignment
- Schedule documentation updates, maintain versioning records, and coordinate approval requirements
- Align documentation across sets of controls related to multiple frameworks across our ISRP control portfolio
- Write or edit technical documentation for compliance control mapping, change controls, and reporting around industry frameworks (ISO, SOC, NIST and others)
- Critically read versions of documentation created by process owners for language, clarity, style, flow, and structure to identify areas for refinement. Provide training or counsel on effective writing
- Identify opportunities for simplification of documentation to support multiple industry frameworks (ISO, SOC, NIST and others)
- Attend meetings with leadership, functional management and working groups developing control processes. Take minutes and track action items for working group or committee meetings
- Coordinate the annual update of data retention requirements for risk, privacy and security
- Coordinate common standards for the documentation, tracking and reporting of issue remediation actions.
Governance, Risk and Compliance Data – Change Coordination
- With compliance team framework (SME) input, schedule and maintain up-to-date control mapping in our GRC tool in an environment of substantial change. (We use ZenGRC.)
- Coordinate with vendor for substantive changes, such as new entities, new framework assessments, etc.
- Coordinate updates and sharing of controlled documentation with the pre-sales team for customer inquiries
- Maintain updated cross-mapping references for the ISRP control portfolio in a high-change environment
We are looking for a compliance documentation analyst with experience working with relational database technologies in the Governance, Risk and Compliance domain (GRC Domain). Additionally, to support your understanding of the team and its priorities, knowledge and experience in risk management and IT control testing within the software development space is extremely beneficial, with cloud-based operations preferred. A desire will drive your success in this role, especially for new process, technology, compliance standards and privacy regulations.
- Experience with document management related tools (e.g., OnBase, SharePoint, Confluence, etc.).
- Experience with workflow, service ticketing and audit management tools (e.g., Jira, ServiceNow, etc.)
- Experience with audit, GRC or IRM tools is desirable (e.g., Archer RSA, ACL, ZenGRC, etc.)
- Two years of experience including creating audit or assessment reports and / or creating control-related policy and procedure documentation