Risk and Compliance Analyst

The Risk and Compliance Analyst supports security, risk, and compliance initiatives within Relativity’s control landscape and reinforces the development and maintenance of Calder7’s security standards in the Legal Tech industry.

• Bachelor’s degree in Risk Management, Information Systems, Cybersecurity, or related field.
• 1-3+ years of professional experience in risk management, internal audit, or compliance.
• Familiarity with risk and control frameworks, including ISO/IEC 27001/27018 and/or comparable frameworks (e.g., NIST 800-53, SOC 2).
• Ability to translate control requirements into repeatable, scalable technical implementations and partner effectively with Security Engineering, IT, and Product teams.
• Strong written and verbal communication skills to articulate risk to technical and non-technical stakeholders.
• Ability to translate complex regulatory requirements into practical, scalable solutions.
• Knowledge of key principles of information technology/security general controls, including change management, access to programs and data, segregation of duties, asset management, computer operations, encryption practices, and secure systems development.
• Advanced knowledge of Microsoft Office software applications.
• Strong communication and interpersonal skills.

Preferred qualifications:

• Proficiency with scripting or query languages (e.g., Python, PowerShell, SQL) and experience integrating GRC tooling with audit, ticketing, or asset management systems via APIs.
• Experience designing or supporting automated evidence collection workflows for audits, control testing, or continuous compliance programs.
• Current security certifications such as CISA, Security+, Network+, Project+, or other relevant security certifications.
• Experience working with internal/external auditors.
• Ability to work efficiently under pressure, drive projects to completion, and meet deadlines.
• Strong problem-solving and critical thinking skills.

• Coordinate the effective and efficient tracking of the company’s information security management program and compliance-related activities, including reviews, evidence tracking, performance monitoring, risk assessments.
• Perform control testing and process audit, operational process reviews and review system implementations and applications.
• Identify control evidence suitable for automation and partner with control owners to replace manual submissions with system‑sourced evidence.
• Design and maintain integrations between GRC tooling (e.g., LogicGate) and source systems such as identity platforms, cloud infrastructure, ticketing systems, and vulnerability tools using APIs, scripts, or workflows.
• Build and recommend enhancements to the information security management program and workflow tools.
• Coordinate deployment and measurement of information security control standards across the company as appropriate.
• Maintain accurate audit control testing files and risk rating for identified exceptions.
• Balance risk and creativity while responding quickly to business and technical opportunities.
• Demonstrate consistent commitment to core company values.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or any other legally protected basis, in accordance with applicable law.