
IT Enterprise Risk Analyst

Job in Tampa, Hillsborough County, Florida, 33646, USA
Listing for: Holland & Knight
Full Time position
Listed on 2026-06-22
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Business Analyst
Salary/Wage Range or Industry Benchmark: 85,000 - 110,000 USD yearly
Job Description & How to Apply Below

Overview

We are a firm that strives for the highest standards of performance and success. This position, based in the firm’s global operations center in Tampa, FL, seeks an IT Enterprise Risk Analyst to join our team. The role manages the firm’s GRC and IT risk programs, focusing on information security for client data, attorney work, and privileged communications.

Key Responsibilities
  • Policy, Standards and Governance: support development, review, and maintenance of information security and technology risk policies, standards, procedures, and guidance documents; maintain policy‑lifecycle processes, stakeholder reviews, approvals, and version control; map policies to ISO, NIST, CIS, SOC 2, HIPAA, GLBA, GDPR, CCPA, CPRA, and client Outside Counsel Guidelines; administer policy exceptions and risk acceptance workflows; contribute to awareness materials and operational guidance.
  • Information Security and Technology Risk Management: conduct or facilitate risk assessments for applications, infrastructure, cloud services, and firm‑critical legal‑industry platforms; maintain the risk register, including inherent and residual ratings and treatment plans; partner with control owners on remediation; support risk monitoring, key risk indicators, and control health metrics; draft risk reporting for governance forums; support incident response activities and post‑incident lessons learned.
  • Vendor/Third‑Party Risk Management (TPRM): perform third‑party security due diligence based on vendor criticality and risk tiering; coordinate security questionnaires and evidence collection; review SOC reports, ISO certificates, penetration test summaries, and other assurance artifacts; identify gaps, recommend remediation, track vendor action plans; partner with Procurement/Legal on contract security requirements; support periodic vendor reassessments; draft responses to inbound client security questionnaires.
  • Audit, Assurance and Compliance: support internal and external audits by coordinating evidence collection, control walkthroughs, and audit responses; assist with gap assessments and control testing against ISO 27001/27002, NIST CSF/SP 800‑53/800‑171, SOC 2, GLBA, HIPAA, GDPR, NIS2, and CUI/ITAR/EAR requirements; track audit findings and corrective action plans; maintain audit artifacts; support EU compliance activities and controlled unclassified information (CUI) handling; compile control attestations for cyber‑insurance applications.
Expected Work Schedule

Maintain a regular and predictable work schedule and full attention during business hours, except as otherwise approved or required by law.

Required Skills
  • Strong written and verbal communication skills, ability to translate control requirements into clear documentation and actionable guidance.
  • Strong organizational skills, meticulous attention to detail, and the ability to manage multiple priorities and deadlines.
  • Knowledge of, or ability to learn, Microsoft Office Suite or Microsoft 365.
Required Qualifications & Education
  • Bachelor’s degree in information security, information technology, risk management, business, or equivalent practical experience.
  • 3+ years of experience in GRC, information security, technology risk management, compliance, internal audit, or third‑party risk management.
  • Working knowledge of the ISO/IEC 27000 family, NIST CSF/SP 800‑53/800‑171, and HIPAA.
  • Familiarity with EU information security and privacy requirements (e.g., GDPR) and NIS2 concerns.
  • Experience collecting, organizing, and validating control evidence and supporting audits/assessments.
  • Certifications: ISACA CRISC and/or CISA.
Preferred Qualifications & Education
  • Prior exposure to GRC, IT risk, or information security work in a law firm, professional services firm, or client‑confidential environment.
  • Familiarity with legal‑industry technology (e.g., iManage, Net Documents, 3E, Aderant, Intapp, Relativity) and data‑sensitivity considerations.
  • Awareness of ABA Model Rules of Professional Conduct (Rules 1.1 and 1.6) and applicable state bar requirements.
  • Familiarity with CUI handling, NIST SP 800‑171, CMMC, and ITAR/EAR data‑handling; prior exposure to federal, defense, or government‑contract client matters.
  • Certifications: ISACA…