Nashville, Tennessee

Job Description

The Risk & Compliance Analyst supports Pillsbury’s Governance, Risk & Compliance (GRC) program across risk management, policy governance, internal audit coordination, vendor risk intake, training and awareness initiatives, and business continuity documentation. This role supports both ISO 27001 and CMMC Level 2 programs with a balanced 50/50 focus on each framework.

In addition to core compliance operations, the analyst is responsible for maintaining and organizing BCP/DR documentation, coordinating updates from business and IT owners, and supporting reporting activities following exercises and continuity events.

KEY RESPONSIBILITIES

Risk Management & Governance

• Maintain and update the firm’s risk register, including risk scoring, treatment tracking, and monitoring for changes.

• Support formal risk assessments and assist with updates to the Statement of Applicability (SoA).

• Gather and consolidate risk-related inputs from IT, HR, Legal, SecOps, and business stakeholders.

Documentation & Policy Governance

• Manage lifecycle updates for information security policies, standards, and procedures including drafting, reviews, approvals, and version control.

• Maintain compliance documentation such as SSP updates, POA&M revisions, control narratives, and other required artifacts.

• Ensure governance documents remain accurate, consistently formatted, and aligned with framework requirements.

Audit Support

• Coordinate internal and external audit activities, including scheduling, evidence collection, and communication with SMEs.

• Track audit findings, corrective actions, and remediation progress.

• Maintain audit documentation repositories and ensure audit materials are consistently organized and audit-ready.

Vendor Risk Management

• Perform intake assessments for vendor security reviews and coordinate security questionnaires with vendors.

• Collect due-diligence documentation and track remediation or follow-up requirements.

• Support collaboration between Procurement, Legal, IT, and the GRC Manager.

Training & Awareness

• Assist with developing and distributing cybersecurity awareness content.

• Maintain training completion records and support reporting for required annual or event-driven trainings.

Business Continuity & Disaster Recovery (BCP/DR) Documentation & Reporting

• Maintain BCP/DR documentation including plans, Business Impact Analysis (BIA) updates, team rosters, and continuity-related inventories.

• Coordinate with business units and IT to collect updates for continuity plans and ensure documentation accuracy.

• Support post-exercise and post-incident reporting, capturing results, action items, and changes required to improve resilience.

• Organize and maintain evidence of continuity activities for compliance and audit purposes.

• Assist in coordinating tabletop exercises by managing documentation, capturing observations, and preparing reports for leadership review.

Cross-Functional Collaboration

• Work closely with HR, Legal, Procurement, IT, SecOps, and other internal stakeholders to support compliance operations.

• Support the GRC Manager on firm-wide governance, compliance initiatives, and regulatory readiness activities.

REQUIRED EDUCATION, KNOWLEDGE AND EXPERIENCE

• 2–5 years of experience in cybersecurity governance, compliance, risk management, or internal audit.

• Foundational knowledge of ISO 27001, NIST SP 800-171, or CMMC Level 2 requirements.

• Experience with GRC/IRM platforms (e.g., OneTrust, Archer, ServiceNow GRC).

• Strong documentation, writing, organizational, and version-control skills.

• Proficiency with Excel/Sheets for risk scoring, register management, and reporting.

• Ability to coordinate projects and collaborate across multiple functions.

• Experience using compliance workflow platforms such as FutureFeed.

• Experience supporting internal or external audits.

• Exposure to vendor risk management processes.

• Experience with internal audit or compliance management tools (e.g., AuditBoard, Workiva).

• Foundational compliance or security certifications (e.g., ISO 27001 Foundations, Security+, CMMC coursework).

REQUIRED SKILLS AND ABILITIES

• Excellent written and verbal communication

• Strong organizational skills

• Analytical and critical thinking

• Ability to collaborate across departments High ethical standards and professional discretion

• Ability to manage multiple tasks with competing deadlines

PHYSICAL REQUIREMENTS

• Ability to sit and stand for extended periods. 

• Ability to lift up to 20 pounds. 

Pillsbury Winthrop Shaw Pittman LLP is an Equal Opportunity Employer.

If you require an accommodation in order to apply for a position, please contact us at [email protected].