Technology, Associate, IT Governance, Risk and Compliance (GRC)

About the role

Job Purpose: BTIG is seeking an Associate who will help lead and evolve the governance engine of a global, mid-sized investment bank to support our next phase of growth. You will report directly to the CISO and be responsible for security assurance, compliance operations, and technology risk management . You will help maintain control readiness, perform testing and evidence collection, and support risk and vendor assessments for internally developed systems and SaaS applications. Your work will directly protect the firm's reputation and enable its business. We don ' t expect you to know every regulatory framework on day one. We do expect you to write exceptionally well, ask smart questions, and possess the grit to see difficult tasks through completion. Duties & Responsibilities: IT Governance, Risk and Compliance (GRC) Third-Party Risk Management (TPRM): Own the vendor security review process. You will assess third-party vendors to ensure compliance with the firm's standards, requiring understanding of our core business processes, attention to detail, and the persistence to chase down answers. Obtain and meticulously review SOC reports (e.g., SOC 1, SOC 2) for critical third-party service providers, evaluating their adherence to 'Complementary Controls at User Entities' and ensuring our internal alignment. Client & Regulatory Due Diligence: Support the completion of external security questionnaires. You will articulate BTIG's security posture to institutional clients and regulators, translating technical controls into clear, professional narratives. IT Controls & Audit Collaboration: Assist with internal SOX IT controls audits and access control reviews across our technology stack, including in-house developed systems and third-party SaaS platforms. You will work with engineering teams to verify that permissions are correct and ensure evidence is gathered efficiently. Actively participate in external IT audits, specifically focusing on validating and documenting controls related to access management, change control, and system operations for key systems that handle financial data. Business Continuity & Disaster Recovery (BCDR) : Assist the CISO in maintaining and testing the firm's Business Continuity and Disaster Recovery plans, including documentation updates, tabletop exercises, and coordination with Infrastructure and Operations teams to ensure recovery time objectives (RTOs) are achievable. Operational Support Policy Development: Assist in drafting and maintaining information security policies and procedures. Perform risk assessments and gap analyses for IT systems that handle PHI and financial data. Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage. High-Touch Support: Experience directly supporting executives is valuable here; you will act as a bridge between the CISO and various business units, requiring professionalism and discretion. AI & Innovation AI Governance: Support the CISO in defining the guardrails for Generative AI that balance innovation with risk (e.g., data leakage, appropriate use). Applied AI/Automation: Utilize prompt engineering and automation tools to streamline governance workflows. If you can script it or prompt it to save time, we want you to build it. Requirements & Qualifications: Education : Bachelor's degree in a related field or equivalent experience . While not required, preferred certifications include Security+, CISA, CRISC, or CISSP. Experience: 2-4 years of experience in IT Governance, Risk & Compliance (GRC), IT Security Risk Management, Risk Audit, Data Privacy Investigation, Technology Risk, and/or Information Security (ideally with a background in Financial Services). Security Framework Knowledge: Working familiarity with standard security frameworks such as NIST CSF, ISO 27001/27002, COBIT, SOC 2 type 2 and CIS controls, etc. Analytical Skills: Experience reviewing IT solution requirements and implementing security controls. Strong analytical and risk assessment skills with the ability to design compensating controls for security vulnerabilities and assess business impact of security tools and policies. General Technical Proficiency: Microsoft Office 365 and associated applications; Excel, Teams, Forms, PowerQuery, etc. Growth Mindset: You are resilient and don't get discouraged by manual processes; you look for ways to optimize them. Communication: Excellent written communication is non-negotiable. You must be able to explain complex technical risks to non-technical stakeholders clearly and concisely. AI Familiarity: Demonstrated interest or experience with LLMs (ChatGPT, Claude, Copilot). Experience with prompt engineering or Python scripting for automation is highly valued. Curiosity: You read about LLM risks, changing regulations or new breaches for fun. You are technically apt enough to converse with engineers but focused on governance. You never have enough kno

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at btig27? Share your experience