Governance Risk and Compliance Senior Specialist

About CohnReznick

CohnReznick LLP and CohnReznick Advisory LLC are leading professional services firms providing assurance, tax, and advisory services. With a nationwide presence, the firm helps clients optimize performance, manage risk, and maximize value by leveraging deep industry knowledge and innovative solutions. CohnReznick is part of Nexia International.

Job Opportunity

CohnReznick is seeking a Governance, Risk, and Compliance Senior Specialist to join its Legal & Risk team. This is a remote position, though occasional in-office presence may be required for client work, meetings, or training.

Your Team: Governance, Risk & Compliance

This role is integral to the Governance, Risk & Compliance team, focusing on enhancing the organization's security and compliance initiatives. You will be a key contributor to the security awareness training and third-party risk management programs.

Why CohnReznick?

CohnReznick fosters a culture of opportunity, value, and trust. We prioritize a healthy work-life balance with a comprehensive Total Rewards package, including generous PTO, flexible work environment, expanded parental leave, extensive learning and development, and paid volunteer time off.

Your Role: Responsibilities

• Conduct third-party risk assessments, analyzing vendor practices to identify and mitigate potential risks.
• Manage and maintain dashboards, trackers, and logs for compliance activities, including risk assessments and training metrics.
• Review and recommend updates to standard operating procedures related to IT governance, security awareness, and vendor risk management.
• Serve as a point of contact for internal and external stakeholders on third-party compliance matters and security awareness initiatives.
• Provide insights and recommendations for process improvements and contribute to the development of automation tools for tracking compliance metrics.
• Act as back-up support for distributing security awareness training communications as needed.
• Coordinate vendor information requests and follow-ups, ensuring timely collection of security artifacts and responses to questionnaires.
• Track third-party remediation items and exceptions, preparing status updates and escalating risks when appropriate.
• Support periodic reporting (e.g., program metrics, trends, and key risks) for leadership and governance forums.
• Assist with policy, standard, and control documentation by gathering evidence and maintaining organized, audit-ready records.
• Partner with Procurement, Legal, IT, and Information Security to align third-party reviews with contracting and onboarding timelines.

Your Experience: Qualifications

**Required:**

• Proven ability to manage multiple projects and meet deadlines in a dynamic environment.
• Strong interpersonal skills and ability to work collaboratively across teams and with external vendors.
• Highly organized; capable of prioritizing and executing tasks efficiently with effective time management.
• Ability to handle confidential matters with discretion.
• Strong written and verbal communication skills, able to translate technical and compliance concepts for non-technical audiences.
• Working knowledge of third-party risk management concepts (e.g., due diligence, risk tiering, remediation tracking) and ability to learn internal methodologies quickly.
• Proficiency with Microsoft Office tools (Excel, PowerPoint, Word) and experience maintaining trackers, dashboards, and status reporting.
• Experience reviewing vendor security documentation (e.g., SOC reports, security questionnaires) and summarizing findings.
• Ability to document processes and maintain clear audit-ready evidence.
• Strong analytical and problem-solving skills with attention to detail.
• Comfort working with cross-functional partners (IT, Security, Procurement, Legal) to drive vendor follow-ups.

**Preferred:**

• Bachelor’s degree in Information Technology, Business Administration, or related field, or 3-5 years of equivalent experience.
• Third-Party Risk Management program implementation experience.
• Business Resiliency experience or related experience.
• Familiarity with security frameworks (e.g., NIST, ISO 27001) and regulatory standards (e.g., PCI, HIPAA).

Commitment to Diversity and Inclusion

CohnReznick is committed to building a diverse, equitable, and inclusive workplace. We encourage all qualified candidates to apply, even if their experience doesn't align perfectly with every qualification. We are an equal opportunity employer and value diversity.

Key skills/competency

• Third-Party Risk Management
• IT Governance
• Security Awareness Training
• Compliance
• Risk Assessment
• Vendor Management
• Process Improvement
• Audit
• Information Security
• Regulatory Standards