JOB PURPOSE:
As a Risk and Compliance Administrator, you are a highly motivated and detail-oriented professional who plays a crucial role in ensuring our company's adherence to the ISO 27001 framework and compliance with all relevant Information Security processes. This role involves identifying, assessing, and mitigating risks that could impact the organization's Information Technology operations, security and reputation. The Risk and Compliance Administrator will work closely with multiple departments to develop and implement effective risk management strategies, conduct regular audits, and provide recommendations for improvement.
Your role will focus on risk analysis and security processes, ensuring the protection of the company’s IT infrastructure. You will assist in identifying and mitigating security threats, conducting audits, and managing security tools to ensure that the organization’s data, networks, and systems remain secure.
You will play a key role in responding to security incidents, collaborating with the senior administrator to investigate, mitigate, and provide detailed follow-up for incidents. You will also contribute to policy and procedure development, helping to refine the organization's overall security posture and ensuring compliance with industry best practices.
ESSENTIAL FUNCTIONS:
- Lead Internal Audits: Conduct annual security audits covering access controls (e.g., Active Directory), physical security (e.g., facility access), and vendor compliance to ensure adherence to regulatory frameworks.
- Manage Compliance Programs: Oversee compliance with ISO 27001, NIST 800-xxx, CIS-xx and other applicable security standards, ensuring documentation, policies, and procedures align with industry requirements.
- Risk Assessment & Mitigation: Identify security risks, evaluate impact, and develop actionable mitigation plans to enhance organizational security.
- Policy & Procedure Governance: Own and maintain the Outside Counsel Guidelines (OCG) and internal security policies, ensuring alignment with legal and regulatory expectations.
- Vendor Risk Management: Evaluate third-party vendors for security compliance, conduct risk assessments, and recommend necessary security controls.
- Incident Response Support: Assist in investigating security incidents, performing root cause analysis, and implementing corrective actions.
- Training & Awareness: Develop and deliver training sessions on security compliance, risk management, and audit readiness for internal teams.
- Regulatory & Industry Monitoring: Stay up to date with emerging security regulations, industry trends, and best practices, ensuring proactive compliance adjustments.
- Business Continuity & Disaster Recovery: Support business continuity planning (BCP) and disaster recovery (DR) strategies, ensuring resilience in security operations.
- Reporting & Metrics: Prepare compliance reports for senior management, tracking key metrics such as audit compliance rates, risk reduction, and vendor security scores.
WORKING CONDITIONS:
- Responsibilities occasionally require working outside normal working hours, sometimes with little notice and rarely with no notice.
- Must be able to work as part of a two-or-more-person team to install and remove equipment.
KNOWLEDGE OR SKILLS REQUIRED:
- Must have sound judgment and decision-making skills. Decisions made can have a noticeable effect firm-wide, and judgment call errors can require days to weeks to correct or reverse. Most decisions are expected to be made directly based on judgment calls and after working with peers to discuss the topic or issue at hand.
- Must be able to work through, track, and follow up on complex and detailed work activities while paying close attention to detail.
- Strong knowledge of and prior use of Microsoft Office and Visio.
- Excellent verbal and written communication skills, tact, discretion, dependability and confidentiality.
EDUCATION AND EXPERIENCE REQUIREMENTS:
Required:
- 1–3 years of experience in risk, compliance, or information security-related work.
- Bachelor’s degree in Information Technology, Cybersecurity, Business, or a related field
- Hands-on experience or exposure to frameworks such as ISO 27001, NIST, CIS, or CMMC through school, work, or training
- Strong organizational skills and attention to detail, with the ability to manage multiple priorities
Preferred:
- Entry-level certifications such as CISSP (Associate), Security+, CMMC-AB Certified Professional, or equivalent
- Demonstrated interest in governance, risk, and compliance (e.g., coursework, student orgs, research, or certifications)
- Experience documenting audits, managing compliance tasks, or working with vendor assessments
PHYSICAL DEMANDS OF POSITION:
Work is performed in a professional office environment and requires the following during the work day:
- Must be able to remain in a stationary position for long periods of time (working at a computer)
- Ability to move/traverse about inside the office intermittently throughout the day (attend meetings, access file cabinets, obtain supplies from supply room, etc.)
- Operate computer and other office equipment such as a copy machine, printer, telephone, etc.
- Repetitive movement (i.e. heavy computer/keyboard use).
- Individual will interact regularly with others verbally, in-person, and via written communication.
- Will require occasional light (files, copy paper, etc.) and heavier lifting individually or as part of a multi-person team.
IN ADDITION TO THE ESSENTIAL FUNCTIONS OUTLINED ABOVE:
- Individual in this position will provide additional assistance and support as directed by his/her supervisor.
- This job description is subject to change at any time.
The hourly pay rate for this position is $36.22 – $45.40 per hour, depending on experience. This is a non-exempt position eligible for overtime. Actual pay will be adjusted based on experience and other job-related factors permitted by law.
It is the policy of Robins Kaplan LLP to provide equal employment opportunities for all without regard to race, color, religion, gender, gender identity/expression, sexual orientation, age, national origin, disability or any other status protected by federal, state or local law. It is also our policy to work with individuals with disabilities when reasonable accommodations, sufficient to allow a person with a disability to perform the essential functions of their job, may be needed. It is our policy to be a workplace free from illegal discrimination and harassment.