Technology, Associate, IT Governance, Risk and Compliance (GRC)

About The Position

Requirements

• Bachelor’s degree in a related field or equivalent experience.
• 2–4 years of experience in IT Governance, Risk & Compliance (GRC), IT Security Risk Management, Risk Audit, Data Privacy Investigation, Technology Risk, and/or Information Security (ideally with a background in Financial Services).
• Working familiarity with standard security frameworks such as NIST CSF, ISO 27001/27002, COBIT, SOC 2 type 2 and CIS controls, etc.
• Experience reviewing IT solution requirements and implementing security controls. Strong analytical and risk assessment skills with the ability to design compensating controls for security vulnerabilities and assess business impact of security tools and policies.
• Microsoft Office 365 and associated applications; Excel, Teams, Forms, PowerQuery, etc.
• You are resilient and don't get discouraged by manual processes; you look for ways to optimize them.
• Excellent written communication is non-negotiable. You must be able to explain complex technical risks to non-technical stakeholders clearly and concisely.
• Demonstrated interest or experience with LLMs (ChatGPT, Claude, Copilot). Experience with prompt engineering or Python scripting for automation is highly valued.
• You read about LLM risks, changing regulations or new breaches for fun. You are technically apt enough to converse with engineers but focused on governance. You never have enough knowledge about the business or systems you help oversee.

Nice To Haves

• preferred certifications include Security+, CISA, CRISC, or CISSP.

Responsibilities

• IT Governance, Risk and Compliance (GRC)
• Third-Party Risk Management (TPRM): Own the vendor security review process. You will assess third-party vendors to ensure compliance with the firm's standards, requiring understanding of our core business processes, attention to detail, and the persistence to chase down answers. Obtain and meticulously review SOC reports (e.g., SOC 1, SOC 2) for critical third-party service providers, evaluating their adherence to 'Complementary Controls at User Entities' and ensuring our internal alignment.
• Client & Regulatory Due Diligence: Support the completion of external security questionnaires. You will articulate BTIG’s security posture to institutional clients and regulators, translating technical controls into clear, professional narratives.
• IT Controls & Audit Collaboration: Assist with internal SOX IT controls audits and access control reviews across our technology stack, including in-house developed systems and third-party SaaS platforms. You will work with engineering teams to verify that permissions are correct and ensure evidence is gathered efficiently. Actively participate in external IT audits, specifically focusing on validating and documenting controls related to access management, change control, and system operations for key systems that handle financial data.
• Business Continuity & Disaster Recovery (BCDR): Assist the CISO in maintaining and testing the firm's Business Continuity and Disaster Recovery plans, including documentation updates, tabletop exercises, and coordination with Infrastructure and Operations teams to ensure recovery time objectives (RTOs) are achievable.
• Policy Development: Assist in drafting and maintaining information security policies and procedures.
• Perform risk assessments and gap analyses for IT systems that handle PHI and financial data.
• Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage.
• High-Touch Support: Experience directly supporting executives is valuable here; you will act as a bridge between the CISO and various business units, requiring professionalism and discretion.
• AI Governance: Support the CISO in defining the guardrails for Generative AI that balance innovation with risk (e.g., data leakage, appropriate use).
• Applied AI/Automation: Utilize prompt engineering and automation tools to streamline governance workflows. If you can script it or prompt it to save time, we want you to build it.

Benefits

• BTIG offers a competitive compensation and benefits package.