IT Enterprise Risk Analyst
Job in Tampa, Hillsborough County, Florida, 33646, USA
Listed on 2026-06-05
Listing for: Holland & Knight
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security
Job Description & How to Apply Below
Location: Operations Center - Tampa
Time type: Full time
Posted on: Posted Yesterday
Job requisition: R5450
We are a Firm where people truly believe in what they do and strive to achieve the highest standards of performance and success.
**This position is based in the Firm's global operations center in Tampa, FL.**

**General Description:**

We are seeking an IT Enterprise Risk Analyst to join our team. The IT Risk Analyst helps manage the Firm's GRC and IT risk programs, focusing on information security for client data, attorney work product, and privileged communications. Reporting to the IT Enterprise Risk Management Manager, the role maintains policies, assesses risks and controls, coordinates third-party reviews, drafts responses to client security guidelines, prepares evidence for cyber insurance, and supports audits.
Responsibilities align with ISO/IEC 27001/27002, NIST CSF, CIS Controls, SOC 2, HIPAA, GLBA, GDPR, and state privacy laws (e.g., CCPA/CPRA).
**Key Responsibilities and Essential Job Functions:**
* **Policy, Standards and Governance**
  + Support the development, review, and maintenance of information security and technology risk policies, standards, procedures, and guidance documents.
  + Maintain the policy lifecycle process, including stakeholder reviews, approvals, publication, periodic review schedules, and version control.
  + Map policies/standards to ISO, NIST, CIS Controls, SOC 2, HIPAA, GLBA, U.S. state privacy laws, and EU requirements, and to applicable client Outside Counsel Guidelines and contractual security addenda; maintain crosswalks and control documentation to support audit readiness.
  + Administer policy exception and risk acceptance workflows, ensuring each exception has a documented justification, compensating controls, approvals, and a defined expiration/renewal date.
  + Contribute to awareness materials and operational guidance to promote consistent implementation of requirements.
  + Help maintain controls supporting ethical walls / information barriers, matter-level access restrictions, and legal hold obligations, under the direction of the Senior Analyst and in partnership with the Office of the General Counsel, Conflicts, and Records & Information Governance.
  + Maintain awareness of the Firm's professional responsibility obligations, including ABA Model Rules 1.1 (technology competence) and 1.6 (confidentiality of information), and apply that awareness to policy implementation and control activities.
* **Information Security and Technology Risk Management**
  + Conduct or facilitate risk assessments for applications, infrastructure, cloud services, Firm-critical legal-industry platforms (document management, time and billing, conflicts and new business intake, eDiscovery, and matter management), and key business processes; document risk statements, likelihood/impact, and control effectiveness.
  + Maintain and update the risk register, including inherent and residual ratings, treatment plans, owners, milestones, and status updates.
  + Partner with control owners to identify remediation actions, track progress, and validate closure with appropriate evidence.
  + Support ongoing risk monitoring through key risk indicators (KRIs) and control health metrics, including indicators relevant to the legal sector (e.g., business email compromise and wire-fraud schemes, ransomware targeting law firms, and client-confidential data exposure).
  + Draft and contribute to risk reporting and summaries for governance forums under the direction of the IT Enterprise Risk Management Manager, including content packaged for Firm leadership and Firm Management Committee audiences.
  + Support incident response activities by gathering control and risk evidence, contributing to post-incident lessons learned, and helping ensure resulting control improvements are tracked in the risk register.
* **Vendor/Third Party Risk Management (TPRM)**
  + Perform third-party security due diligence based on vendor criticality and risk tiering (including legal-industry third parties such as co-counsel and local counsel, eDiscovery and document review providers, expert witnesses, court reporters and translators, …