Artificial Intelligence (AI), Automation, Communication Skills, Computer Science, Detail Oriented, Documentation, Establish Priorities, External Audit, Information Technology & Information Systems, Internal Audit, Internet Security, Legal, Machine Tool, Presentation/Verbal Skills, Python Programming/Scripting Language, Regulatory Compliance, Regulatory Requirements, Risk, Risk Analysis, Scripting (Scripting Languages), Security Analysis, Security Monitoring, Security Policy, Team Player, Vendor/Supplier Evaluation, Windows PowerShell, Writing Skills
Bala Cynwyd (Philadelphia Area), Pennsylvania
Overview:
As a Security Risk & Governance Analyst, you will be a key contributor to our Security Assurance team, doing hands-on work across the firm's cybersecurity governance, risk, and compliance (GRC) program. From day one you'll take on real work, contribute to the team's core efforts, and have a direct impact on the firm's security posture — while building the foundational skills for a long career in cybersecurity.
Success in this role hinges on your ability to collaborate with stakeholders across technical, legal, compliance, and operational teams. Working alongside experienced analysts, you'll contribute to security control assessments, third-party security assessments, and policy and exception reviews — gathering evidence, documenting findings, and tracking remediation. You'll help monitor the firm's adherence to cybersecurity regulatory requirements and internal policies, flagging areas of concern for stakeholder review, while also contributing to the automation and tooling that keeps our GRC program running efficiently.
A genuine interest in cybersecurity and risk - paired with curiosity, attention to detail, and a willingness to ask questions - will set you up for success. You'll thrive in our collaborative environment, where curiosity is celebrated and every challenge is an opportunity to grow. At Susquehanna, we invest in our people — you'll learn directly from experienced practitioners on a team that values curiosity over credentials.
In this role you will:
- Identify opportunities and build the tools to improve the efficiency and effectiveness of our GRC program through automation and AI (e.g., PowerShell, Python, and LLMs).
- Support the security policy exception and risk-decision workflow, gathering the information needed for stakeholder review.
- Support third-party (vendor) security assessments — gathering documentation, evaluating vendors' security controls, and summarizing identified risks for stakeholder review.
- Help manage security control gaps — assessing newly identified gaps, updating records, and tracking remediation to closure.
- Assist in coordinating internal and external audits, collecting documentation and tracking responses to findings.
- Help keep cybersecurity policies and standards current and accurate.
- Support security awareness and training efforts that promote strong cybersecurity behaviors across the firm.
What we’re looking for:
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field.
- 0–2 years of experience in cybersecurity, IT, risk, or compliance — internship, co-op, or academic experience welcome.
- Strong written and verbal communication skills, with the ability to document findings clearly and summarize information for different audiences.
- A foundational understanding of risk — how to assess it, weigh tradeoffs, and prioritize what matters.
- Scripting and automation skills (e.g., PowerShell, Python, AI) — you'll contribute to and build new tooling for the team.
- Hands-on experience using AI tools to get work done more effectively.
If you're a recruiting agency and want to partner with us, please reach out to recruiting@sig.com. Any resume or referral submitted in the absence of a signed agreement will not be eligible for an agency fee.
Susquehanna International Group, LLP