Technology, Associate, IT Governance, Risk and Compliance; GRC

Position: Technology, Associate, IT Governance, Risk and Compliance (GRC)
Job Purpose:

BTIG is seeking an Associate who will help lead and evolve the governance engine of a global, mid-sized investment bank to support our next phase of growth. You will report directly to the CISO and be responsible for security assurance, compliance operations, and technology risk management. You will help maintain control readiness, perform testing and evidence collection, and support risk and vendor assessments for internally developed systems and SaaS applications.

Your work will directly protect the firm's reputation and enable its business. We don't expect you to know every regulatory framework on day one. We do expect you to write exceptionally well, ask smart questions, and possess the grit to see difficult tasks through completion.

Duties & Responsibilities:

IT Governance, Risk and Compliance (GRC)

* Third-Party Risk Management (TPRM): Own the vendor security review process. You will assess third-party vendors to ensure compliance with the firm's standards, requiring understanding of our core business processes, attention to detail, and the persistence to chase down answers. Obtain and meticulously review SOC reports (e.g., SOC 1, SOC
2) for critical third-party service providers, evaluating their adherence to 'Complementary Controls at User Entities' and ensuring our internal alignment.

* Client & Regulatory Due Diligence: Support the completion of external security questionnaires. You will articulate BTIG's security posture to institutional clients and regulators, translating technical controls into clear, professional narratives.

* IT Controls & Audit

Collaboration:

 Assist with internal SOX IT controls audits and access control reviews across our technology stack, including in-house developed systems and third-party SaaS platforms. You will work with engineering teams to verify that permissions are correct and ensure evidence is gathered efficiently. Actively participate in external IT audits, specifically focusing on validating and documenting controls related to access management, change control, and system operations for key systems that handle financial data.

* Business Continuity & Disaster Recovery (BCDR):
Assist the CISO in maintaining and testing the firm's Business Continuity and Disaster Recovery plans, including documentation updates, tabletop exercises, and coordination with Infrastructure and Operations teams to ensure recovery time objectives (RTOs) are achievable.

Operational Support

* Policy Development: Assist in drafting and maintaining information security policies and procedures.

* Perform risk assessments and gap analyses for IT systems that handle PHI and financial data.

* Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage.

* High-Touch Support: Experience directly supporting executives is valuable here; you will act as a bridge between the CISO and various business units, requiring professionalism and discretion.

AI & Innovation

* AI Governance: Support the CISO in defining the guardrails for Generative AI that balance innovation with risk (e.g., data leakage, appropriate use).

* Applied AI/Automation: Utilize prompt engineering and automation tools to streamline governance workflows. If you can script it or prompt it to save time, we want you to build it.

Requirements & Qualifications:

* Education:

Bachelor's degree in a related field or equivalent experience. While not required, preferred certifications include Security+, CISA, CRISC, or CISSP.

* Experience:

 2-4 years of experience in IT Governance, Risk & Compliance (GRC), IT Security Risk Management, Risk Audit, Data Privacy Investigation, Technology Risk, and/or Information Security (ideally with a background in Financial Services).

* Security Framework Knowledge:
Working familiarity with standard security frameworks such as NIST CSF, ISO 27001/27002, COBIT, SOC 2 type 2 and CIS controls, etc.

* Analytical

Skills:

Experience reviewing IT solution requirements and implementing security controls. Strong analytical and risk assessment skills with the ability to design compensating controls for security vulnerabilities and assess business impact…