Associate - Governance, Risk & Compliance

Posted Jun 22, 2026 · Apply by Aug 21

Position Overview

Position: Mid
Type: Job
Employment: Full time
Practice Area: Compliance
Remote: No
Deadline: Aug 21, 2026

Job Description

Overview

BTVK Advisory is a leading advisory firm whose specialized professionals guide clients through an ever-changing business world, helping them win now and anticipate tomorrow. BTVK Advisory, and its affiliated entities, have operations in North America, South America, Europe, Asia, and Australia. BTVK Advisory's ultimate parent entity, Baker Tilly US, LLP, is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 141 territories, with 43,000 professionals and a combined worldwide revenue of $5.2 billion.

Baker Tilly is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status, gender identity, sexual orientation, or any other legally protected basis, in accordance with applicable federal, state or local law.


Any unsolicited resumes submitted through our website or to Baker Tilly Advisory Group, LP, employee e-mail accounts are considered property of Baker Tilly Advisory Group, LP, and are not subject to payment of agency fees. In order to be an authorized recruitment agency ("search firm") for Baker Tilly Advisory Group, LP, there must be a formal written agreement in place and the agency must be invited, by Baker Tilly's Talent Attraction team, to submit candidates for review via our applicant tracking system.

Job Description:


Responsibilities:

  • Support Baker Tilly One India's third-party risk management program, including vendor onboarding, risk assessments, due diligence reviews, ongoing monitoring, and periodic reassessments.
  • Review vendor documentation, including SOC 2 Type II reports, security and privacy policies, architectural diagrams, penetration test reports and detailed ISO reports to identify risks and control gaps with critical suppliers.
  • Maintain accurate third-party risk records, documentation, remediation items, approvals and supporting evidence within Baker Tilly's Third-Party Risk Management tool.
  • Coordinate with key stakeholders to ensure accurate and timely response to client due diligence requests, security questionnaires, RFP and client audit inquiries.
  • Maintain and update standard response libraries, supporting documentation, policies, certifications, and evidence used for client due diligence.
  • Assist with supporting legal in the review of contracts, master service agreements, vendor agreements, client agreements, data protection agreements, security addendum, and related documents.
  • Identify contract language related to information security, privacy, audit rights, data protection, regulatory compliance, breach notification, subcontractors, business continuity, insurance, and third-party obligations.
  • Support audit and compliance activities related to frameworks and programs such as SOC 2 Type II, ISO 27001, NIST Cybersecurity Framework, HIPAA, CMMC, HITRUST, PCI-DSS, SOX, and other client, regulatory, contractual, or industry-specific compliance programs.
  • Work with control owners and performers to monitor control compliance, including updating control metadata and delinquent controls.
  • Facilitate external audits through the coordination of audit partners, control owners and performers.
  • Prepare status updates, metrics, dashboards, and summaries for management review.
  • Maintain risk registers, and prioritize and conduct work using Baker Tilly's centralized ticketing platform.
  • Assist in preparing materials for audit updates, client reviews, and leadership reporting.
  • Support the development and maintenance of Cybersecurity Risk policies, procedures, standards, templates, and process documentation.
  • Identify opportunities to improve workflow efficiency, evidence management, reporting, and stakeholder communication, and continued use of AI business process tools.

Qualifications:

  • Bachelor's degree in information technology systems, cybersecurity, risk management, internal audit or a related field required.
  • 2 years of experience in a highly functioning team providing third-party risk management, governance, risk and compliance, IT audit, internal audit, or cybersecurity and control assessment work efforts required.
  • Familiarity with one or more audit, security, privacy, or compliance frameworks such as SOC 2, ISO 27001, NIST CSF, HIPAA, CMMC, HITRUST, PCI-DSS, or SOX required.
  • Ability to work collaboratively with cross-functional teams using strong written and verbal communication skills, including the ability to draft clear responses to clients, vendors, auditors, and internal stakeholders.
  • Strong attention to detail and ability to manage multiple priorities, deadlines, and information requests.
  • Ability to analyze documentation, identify risks, and summarize findings clearly.
  • Experience using GRC, AI productivity, vendor risk management, audit management, ticketing and workflow tools preferred.
  • Experience in responding to client security questionnaires, RFPs, or audit inquiries preferred.
  • Experience reviewing vendor documentation such as SOC 1 & 2 reports, ISO certificates, penetration test summaries, business continuity plans, cybersecurity policies, data flow diagrams, or privacy documentation preferred.
  • Basic understanding of contract terms related to cybersecurity, privacy, confidentiality, data processing, audit rights, breach notification, and regulatory compliance preferred.
  • Familiar with cybersecurity best practices, and basic principles of confidentiality, integrity and availability.
  • Certifications such as CISA, CRISC, CISSP, CTPRP or other relevant credentials preferred.
