
Risk and Compliance Analyst II

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Munger, Tolles & Olson
Full Time position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 49.04 - 63.47 USD Hourly
Job Description & How to Apply Below

Overview

Risk & Compliance Analyst II — Full Time, Non-exempt, Offsite (in-office based on business needs). Must be within commutable distance to the office.

Locations: Los Angeles, CA or San Francisco, CA or Washington, D.C.

Residency Requirements: For the Washington, D.C. office, residency within Washington, D.C., Maryland, or Virginia and within a reasonable commutable distance to the assigned office is required depending on the firm’s discretion and the role. For Los Angeles and San Francisco offices, residency within California and within a reasonable commutable distance to the assigned office is required depending on the firm’s discretion and the nature of the role.

Salary Range (subject to verification): Los Angeles and Washington, D.C.: $44.67/hour - $57.70/hour ($92,913.60 - $ annually). San Francisco: $49.04/hour - $63.47/hour ($ - $ annually). The posted range is part of the total rewards package and does not guarantee wage.

-------------

Responsibilities
  • Maintain a balanced risk management and compliance control framework, working with key stakeholders in alignment with Firm and client standards.
  • Review Firm policies, procedures, and standards; partner with Human Resources and other stakeholders to ensure compliance with client outside counsel guidelines.
  • Facilitate and document client security assessments and other client requests, including internal and client communications, meetings, deadlines, research, responses, and remediation requests.
  • Analyze client security assessment results and recommend improvements to business processes and controls (administrative and technical).
  • Collect vendor information from vendor owners, research tools, and public resources; keep the vendor database up-to-date.
  • Maintain vendor management tools used to track vendor management lifecycle, security risk assessments, and contract reviews.
  • Conduct security and business risk assessments of third-party vendors; track remediation requests per the vendor risk program and policies.
  • Review contracts for low-risk third-party vendors in accordance with the vendor management program; partner with vendor owners and contract review attorneys.
  • Review and develop scenarios for the Firm’s risk register.
  • Partner with appropriate business units to implement and enforce operational, technical, and data privacy controls.
  • Document internal controls and map to Firm and client compliance standards (e.g., ISO 27001, SOC 2, NIST, CIS Top 18).
  • Analyze compliance gaps and recommend improvements to processes and controls.
  • Respond to Data Subject Request inquiries related to GDPR, CCPA, or other privacy laws.
  • Document, investigate, and report compliance issues and incidents when necessary.
  • Collect, analyze, and prepare reports for senior management, auditors, and other stakeholders.
  • Assist with outside counsel guideline reviews (e.g., drafting responses, tracking deadlines, liaising with risk partners).
  • Assist with audit letter review processes (e.g., drafting letters, tracking deadlines, liaising with Audit Committee).
  • Other duties as assigned.
Tools
  • Proficiency with Microsoft Office Word, Excel, and PowerPoint is desired.
  • Proficiency with GRC tools (RSA Archer, LogicManager, KnowBe4 Compliance Manager) is desired.
  • Proficiency with vendor risk tools (ThirdPartyTrust, Argos Risk, BitSight, RiskRecon) is desired.
  • Familiarity with Microsoft 365 (SharePoint, Teams, OneDrive) and document management systems is desired.
  • Familiarity with project management and agile collaboration tools is desired.
Minimum Job Qualifications
  • Bachelor's degree preferred, or 5+ years of combined experience in information security, GRC, BCP/DR, or risk management with at least 3 years in governance, risk, or compliance programs.
  • High school diploma or GED required.
  • Certified Information Security Auditor (CISA), CRISC, or other relevant training/certifications are highly recommended.
  • Excellent attention to detail, critical thinking, and analytical skills.
  • Ability to work proactively in a fast-paced environment and interact professionally.
  • Strong customer service dedication.
  • Effective written and verbal communication skills.
  • Ability to follow directions and collaborate with a team.
  • Un…