
Information Security Analyst

Company:
Bernard Nickels & Associates
Location:
Newark, NJ, 07175
Posted:
April 26, 2024

Description:

The Information Security Analyst is a vital support role within the firm, reporting to the Information Security Governance Manager to support the firm’s information security framework. This hands-on position involves contributing to the maintenance and enhancement of the firm’s information security governance, risk, and compliance initiatives. Key responsibilities include responding to and managing client and vendor IT security assessments, assisting in risk management and remediation tracking, and developing cybersecurity awareness and phishing training programs. The analyst will also generate essential security metrics on a routine and periodic basis. With a strong technical background, this role requires collaboration with IT to ensure security priorities are aligned with the firm’s IT and business objectives, ultimately contributing to a secure technology environment for the firm’s employees and clients.

RESPONSIBILITIES

Maintain and update security policies, controls, and procedures to reflect the firm’s security environment and technological changes.

Respond to client security assessments, complete questionnaires, and support adjustments based on assessment outcomes.

Track remediation actions, controls, and configuration changes to comply with security, legal, and audit standards, including those for SOC2, NIST 800-53, and ISO 27001.

Support risk assessment activities by identifying IT risks and contributing to the management of the firm’s risk register and metrics.

Help conduct internal audits of security practices, ensuring adherence to established policies and addressing findings with corrective measures.

Provide support to external auditors by supplying necessary documentation and insights into the firm’s security practices.

Assist in the development and delivery of security awareness training for employees and support the maintenance of the firm’s security training initiatives.

Report on the information security environment to senior management, including incidents, vulnerability response times, and ongoing risk assessments.

Investigate and analyze security events, effectively respond to phishing attempts, and assist in pinpointing root causes to develop and implement strategies for prevention of future incidents.

Stay informed about current and future security threats and technological developments that could influence the firm’s security posture.

Assist in reviewing outside counsel guidelines and agreements to ensure the firm meets client security and compliance requirements.

Collaborate with various firm stakeholders, including legal teams and administration, to facilitate understanding and compliance with information security policies.

EXPERIENCE REQUIREMENTS

-Degree in information systems or equivalent work experience is a plus but not required.

-CGRC, SSCP, or equivalent certifications and/or experience are a plus but not required.

-3-5 years of experience in IT, data governance, or information security.

-Experience with data protection and privacy regulations, including GDPR, CCPA, and applicable regulations.

-Experience in a law firm is preferred.
