Technology, Associate, IT Governance, Risk and Compliance (GRC)

Job Purpose:
BTIG is seeking an Associate who will help lead and evolve the governance engine of a global, mid-sized investment bank to support our next phase of growth.  You will report directly to the CISO and be responsible for security assurance, compliance operations, and technology risk management.  You will help maintain control readiness, perform testing and evidence collection, and support risk and vendor assessments for internally developed systems and SaaS applications.  Your work will directly protect the firm's reputation and enable its business.  We don’t expect you to know every regulatory framework on day one. We do expect you to write exceptionally well, ask smart questions, and possess the grit to see difficult tasks through completion. 

Duties & Responsibilities:

IT Governance, Risk and Compliance (GRC) 

• Third-Party Risk Management (TPRM): Own the vendor security review process.  You will assess third-party vendors to ensure compliance with the firm's standards, requiring understanding of our core business processes, attention to detail, and the persistence to chase down answers. Obtain and meticulously review SOC reports (e.g., SOC 1, SOC 2) for critical third-party service providers, evaluating their adherence to 'Complementary Controls at User Entities' and ensuring our internal alignment. 
• Client & Regulatory Due Diligence: Support the completion of external security questionnaires.  You will articulate BTIG’s security posture to institutional clients and regulators, translating technical controls into clear, professional narratives. 
• IT Controls & Audit Collaboration: Assist with internal SOX IT controls audits and access control reviews across our technology stack, including in-house developed systems and third-party SaaS platforms.  You will work with engineering teams to verify that permissions are correct and ensure evidence is gathered efficiently. Actively participate in external IT audits, specifically focusing on validating and documenting controls related to access management, change control, and system operations for key systems that handle financial data. 
• Business Continuity & Disaster Recovery (BCDR): Assist the CISO in maintaining and testing the firm's Business Continuity and Disaster Recovery plans, including documentation updates, tabletop exercises, and coordination with Infrastructure and Operations teams to ensure recovery time objectives (RTOs) are achievable. 

Operational Support 

• Policy Development: Assist in drafting and maintaining information security policies and procedures. 
• Perform risk assessments and gap analyses for IT systems that handle PHI and financial data. 
• Automate and monitor controls through scheduled reviews, scripts, or tooling to reduce manual effort and improve coverage. 
• High-Touch Support: Experience directly supporting executives is valuable here; you will act as a bridge between the CISO and various business units, requiring professionalism and discretion. 

AI & Innovation 

• AI Governance: Support the CISO in defining the guardrails for Generative AI that balance innovation with risk (e.g., data leakage, appropriate use). 
• Applied AI/Automation: Utilize prompt engineering and automation tools to streamline governance workflows. If you can script it or prompt it to save time, we want you to build it. 

Requirements & Qualifications:

• Education: Bachelor’s degree in a related field or equivalent experience. While not required, preferred certifications include Security+, CISA, CRISC, or CISSP. 
• Experience: 2–4 years of experience in IT Governance, Risk & Compliance (GRC), IT Security Risk Management, Risk Audit, Data Privacy Investigation, Technology Risk, and/or Information Security (ideally with a background in Financial Services). 
• Security Framework Knowledge: Working familiarity with standard security frameworks such as NIST CSF, ISO 27001/27002, COBIT, SOC 2 type 2 and CIS controls, etc. 
• Analytical Skills: Experience reviewing IT solution requirements and implementing security controls. Strong analytical and risk assessment skills with the ability to design compensating controls for security vulnerabilities and assess business impact of security tools and policies. 
• General Technical Proficiency: Microsoft Office 365 and associated applications; Excel, Teams, Forms, PowerQuery, etc. 
• Growth Mindset: You are resilient and don't get discouraged by manual processes; you look for ways to optimize them. 
• Communication: Excellent written communication is non-negotiable. You must be able to explain complex technical risks to non-technical stakeholders clearly and concisely. 
• AI Familiarity: Demonstrated interest or experience with LLMs (ChatGPT, Claude, Copilot). Experience with prompt engineering or Python scripting for automation is highly valued. 
• Curiosity: You read about LLM risks, changing regulations or new breaches for fun. You are technically apt enough to converse with engineers but focused on governance. You never have enough knowledge about the business or systems you help oversee. 

Important Notes:

• Must be authorized to work full time in the U.S., BTIG does not offer sponsorship for work visas of any type
• No phone calls please, the applicant will be contacted within two weeks if successful

About BTIG:

BTIG is a global financial services firm specializing in institutional trading, investment banking, research and related brokerage services. With an extensive global footprint and more than 700 employees, BTIG, LLC and its affiliates operate out of 20 cities throughout the U.S., and in Europe, Asia and Australia. BTIG offers execution, expertise and insights for equities, equity derivatives, ETFs and fixed income, currency and commodities. The firm’s core capabilities include global execution, portfolio, electronic and outsource trading, investment banking, prime brokerage, capital introduction, corporate access, research and strategy, commission management and more.
 
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. BTIG is an equal opportunity employer Minorities/Females/People with Disabilities/Protected Veterans/Sexual Orientation/Gender Identity.

Compensation: 

• BTIG offers a competitive compensation and benefits package. Salary range is based on a variety of factors including, but not limited to, location, years of applicable experience, skills, qualifications, licensure and certifications, and other business and organization needs.
• The current estimated base salary range for this role is $110,000.00 - $140,000.00 per year. Please note that certain positions are eligible for additional forms of compensation such as discretionary bonus or overtime. 

Disclaimer: https://www.btig.com/disclaimer.aspx.