At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. By understanding, respecting, and honoring the needs of our employees, clients, and communities, AlixPartners actively promotes an inclusive environment. We strongly believe in the value that diversity brings to our experiences and are committed to the perpetual enhancements of initiatives, policies, and practices. We hold ourselves accountable by providing the space for authenticity, growth, and equity for everyone.
AlixPartners has embraced a hybrid work model to provide flexibility and support our employees' work-life integration. Our hybrid model combines in-person work at an AlixPartners office on Tuesday, Wednesday, and Thursday with remote working options for Monday and Friday.
What you'll do
As a member of the Information Security team, the Information Security Governance, Risk, & Compliance (IS GRC) Senior Analyst will play a pivotal role in managing and advancing the firm's security risk and compliance initiatives. This role requires a seasoned professional with a strong understanding of regulatory frameworks, audit processes, and control testing methodologies.
You will lead audit preparation and coordination, manage client security assessments, and oversee control testing programs to ensure compliance with contractual and regulatory obligations. You will collaborate with IT leadership, control owners, and cross-functional teams to assess risks, implement mitigation strategies, and maintain accurate documentation within the firm's GRC platform. You are expected to proactively contribute to process improvements and stay current with emerging technologies and industry standards.
The Information Security Governance, Risk, & Compliance Senior Analyst is a full-time position located in Southfield, MI reporting to the Information Security Governance, Risk, & Compliance Manager. Paid relocation is not available.
Lead the preparation and delivery of audit materials for internal and external audits
Design, execute, and monitor control testing programs to validate compliance
Maintain and enhance documentation within the internal GRC platform
Conduct periodic reviews of systems to ensure adherence to current procedures and policies
Manage and respond to client security assessments and audit requests
Interpret regulatory and industry standards into actionable technical requirements
Oversee monthly phishing campaigns and analyze results for improvement
Coordinate audit interviews and walkthroughs with control owners and auditors
Collaborate with cross-functional teams to develop and implement mitigation strategies
Track and validate corrective action plans to ensure timely resolution
Stay informed on emerging technologies, threats, and compliance frameworks
Contribute to process improvement initiatives and update documentation accordingly
Security Team
Identify gaps and recommend corrective actions
Stay current on security industry trends, new threats and attack techniques, mitigation techniques, and emerging security technologies
Keep abreast of the latest information security and privacy laws and regulations; ensure compliance both with internal security policies and applicable laws and regulations
Measure and report metrics to IS GRC Manager, Director and CISO
Improve security efficiency, streamline, and automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
Participate, as needed, in critical incidents and implementation reviews
Additional responsibilities as identified. This description is not designed to encompass a comprehensive listing of required activities, duties, or responsibilities
What you'll need
Bachelor's degree in Information Technology or related field; relevant experience may be considered in lieu of education
Minimum four (4) years of hands-on experience in Information Security, Governance, Risk, Compliance, Audit, or IT operations, with a solid understanding of GRC frameworks and lifecycle
Proficiency in cybersecurity standards and frameworks such as ISO 27001, SOC 2, NIST, and CIS Controls
Experience with GRC platforms, preferably ServiceNow IRM / GRC, including control mapping, risk assessments, and workflow automation preferred
Commitment to professional development with a willingness to pursue certifications such as CISA, CRISC, CISSP, or similar
Demonstrated ability to lead audit engagements, manage client assessments, and interface with cross-functional teams
Excellent written and verbal communication skills in English to support security programs. Must be able to provide formal reports and presentations
Attention to detail and the ability to prioritize work while successfully managing multiple projects and deadlines
Proficient with Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, etc.)
Willingness to work outside of normal U.S. business hours, and as unique projects/needs arise.
Ability to work full time in an office and remote environment; physically able to sit/stand at a computer and work in front... For full info follow application link.
AlixPartners is a global firm of senior business and consulting professionals that specializes in improving corporate financial and operational performance, executing corporate turnarounds and providing litigation consulting and forensic accounting services when it really matters – in urgent, high-impact situations. More information is available at www.alixpartners.com.
All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, (age), status as a protected veteran, or disability. AlixPartners is a proud Bronze award-winning Veteran Friendly Employer.