Risk & Compliance Analyst

Bennett Thrasher, currently ranked among the largest CPA firms in the U.S., is a premier provider of professional tax, assurance, and consulting services to businesses and high net worth individuals. Consistently named one of the Best Accounting Firms to Work for in the United States by Accounting Today, Bennett Thrasher offers the expertise and opportunities of a large accounting firm, while also providing a commitment to culture and a family-like work atmosphere. We work hard to help our clients solve challenges, but we also believe in taking time for what matters and offer benefits for you that reflect this mindset.

Bennett Thrasher "BT" is seeking a highly skilled and motivated Risk & Compliance Analyst to join our dynamic team. The successful candidate will play a crucial role in ensuring our organization's data policies, procedures, and standards follow regulatory requirements and industry best practices. Duties include conducting training and assessments on cyber risks, managing risks associated with third-party vendors, ensuring compliance with SOC regulations, and maintaining privacy

Responsibilities

• Data Governance: Develop, implement, and maintain data governance frameworks, policies, and standards to ensure data quality and integrity.
• Risk Management: Identify, assess, and manage data-related risks to protect the organization’s data assets. Compliance: Ensure compliance with data protection regulations such as GDPR, CCPA, and other relevant legislation.
• Audit and Monitoring: Conduct regular audits and monitoring activities to identify control gaps and ensure compliance with data governance policies and standards.
• Compliance: Ensure compliance with data protection regulations such as GDPR, CCPA, and other relevant legislation.
• Training and Awareness: Provide training and raise awareness on data governance, risk management, and compliance within the organization.
• Stakeholder Collaboration: Work closely with data owners, IT, legal, and departments to ensure alignment and support for data governance initiatives.
  
  
  

Specific Responsibilities

Audits & Client Support

• Directly oversee annual SOC1/SOC2 reviews, as well as managing compliance with GLBA and GDPR.
• Coordinate with internal and external auditors during compliance reviews.
• Complete security questionnaires for prospective and existing clients.
  
  
  

Policy, Training, and Awareness

• Assist in developing and updating privacy and compliance policies, procedures, and training materials. Policy, Training & Awareness
• Deliver training and awareness sessions to internal teams.
  
  
  

Internal Risk & Compliance

• Perform internal information risk classification and maintain inventories of sensitive data.
• Review application requests for data privacy and security risks.
• Implement processes to automate and continuously monitor information security controls, exceptions, risks, testing.
• Develop and implement controls and processes through frameworks like NIST, COSO, COBIT, etc.
• Develop reporting metrics, dashboards, and evidence artifacts.
  

Third-Party Risk Management

• Conduct and manage end-to-end vendor security risk assessments.
• Review third-party security documentation (e.g., SOC 2 reports, ISO 27001 certifications).
• Assess new software for security and privacy risks and recommend appropriate contract terms.
  
  
  

Qualifications

• Bachelor's degree in information technology, Business Administration, or related field.
• Minimum of 3-5 years of experience in data governance, risk management, and compliance roles.
• Experience with cybersecurity frameworks such as NIST CSF, ISO 27001, or Secure Controls Framework (SCF)
• Strong knowledge of data protection regulations (e.g., GDPR, CCPA).
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and collaboratively with cross-functional teams.
• Experience with Microsoft Purview or similar data governance tools is a plus.
• Professional certifications such as SSCP, CISM, CIPP, CIPM, or CRISC are a plus.
  
  
  

Bennett Thrasher is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.