Senior Analyst, Cybersecurity Data Privacy and Third-Party Risk

About the Role

As the Cybersecurity Data Privacy and Third-Party Risk Senior Analyst, you will play a key role within the Data Privacy and Third-Party Risk Team of our Global Cybersecurity Department. Your work will be at the heart of what we do: ensure the continuous improvement of our Information Security Management System, helping FTI protect valuable and sensitive data for our firm, employees, and clients. You will be primarily responsible for monitoring key security controls and procedures and executing assessments across multiple IT & Information Security functions. In addition, you will get to exercise your strategy muscles, recommending and assisting in completing process implementation & improvement efforts that will shape the future of information security for FTI.

What You’ll Do

• Perform monitoring of key security control and procedures
• Plan and conduct vendor assessments across multiple IT systems.
• Perform Independent analysis of results of vendor assessments and testing to assess risks and provide appropriate recommendations for corrective actions
• Collaborate with various IT departments to identify root causes and assist in the development of solutions
• Provide Data Privacy support to clients, including —
  • Tracking and review Privacy Impact Assessments (PIAs)
  • Completion of security and privacy questionnaires in response to client inquiries
• Perform deep analysis of Access, Change Management, Vulnerability Management, and assist with 3^rd party risk assessments
• Work with various “control owners” (Application and Process) to help in remediation and process improvement activities
• Act as a liaison between external client auditors and internal process owners, and respond to external organizations requests
• Perform various internal and administrative duties (such as reporting and planning) to support the department and internal initiatives

Additionally, the preferred candidate will:

• Use excellent communications skills and a consultative approach to identify opportunities for improvement.
• Actively participate in decision-making with GCP management and seek to understand the broader impact of current decisions.
• Prepare detailed, clear, concise, and organized work papers according to GCP Security assessment standards, with sufficient evidence to support and document findings, conclusions, and recommendations.
• Identify opportunities and provide actionable recommendations to enhance the security assessment process, such as updating and adapting security assessment work programs and questionnaires. Assist in selecting and tailoring security assessment and review approaches, methods, and tools to support security assessment objectives, identified risks, and business unit requirements.
• Assist and support special investigations and other Corporate Security assessment initiatives or special projects as requested.

How You’ll Grow

ITG uses an “IT Service Portfolio” approach to align with business priorities and articulate and communicate its diversification of IT investments. FTI Consulting leverages the Information Technology Group (ITG) to accomplish the following goals: Improve Practitioner Productivity and grow the business with IT, Reduce Risks with IT in the business, and manage a balanced set of IT investments that meet business objectives. In addition, we encourage our employees to become “Super Users” of all our services, take advantage of multiple opportunities to work with colleagues on the wide array of cross-functional to inter-department projects, and self-improve through professional development.

Basic Qualifications

• Minimum of 3 years’ experience in IT auditing, Third-Party or IT compliance assessments (professional services firm experience preferred); OR 1 year of experience in IT AND 1 year of experience in IT auditing or IT compliance assessments
• Undergraduate degree (4 years) in Management Information Systems, Information Technology, Computer Science, or related field preferred; graduate degree a plus.
• Travel required to FTI office(s).
• COVID Vaccine required*

*Individuals seeking an exemption from this requirement for medical or religious reasons should complete a request for accommodation form and submit the form to [email protected].

Preferred Skills 

• Relevant BA/BS degree (Management Information Systems, Information Technology, Computer Science, or related field preferred) or security certifications.
• Relevant professional designations, such as:
  • CISA or Security+ strongly preferred
  • CRISC, CISSP, CISM, AWS, or Azure security-specific certifications is a plus
• 3 years of Technical Cybersecurity, IT audit/GRC experience plus 2 years leading IT Audit/Cybersecurity Assessments or 5 years Cybersecurity, IT Audit/GRC experience, and 2 years within FTI.