Information Security Compliance Analyst

DLA Piper, Washington, DC
1d | $84,366 - $117,111 | Hybrid

About The Position

DLA Piper is, at its core, bold, exceptional, collaborative and supportive. Our people are the backbone, heart and soul of our firm. Wherever you are in your professional journey, DLA Piper is a place you can engage in meaningful work and grow your career. Let’s see what we can achieve. Together.

Summary

The Information Security Compliance Analyst will assist with assessing, monitoring and executing a portion of the Information Security Program. This includes specific activities such as conducting risk assessments, internal/external compliance assessments, and the day-to-day operation of the vendor and security awareness programs. This position is also responsible for working closely with all physical security resources as well as the IT department to conduct and monitor key controls related to data loss, leakage and insider threat. A high level of personal organization, persistence, communications, and attention to detail is a must.

Location

This position can sit in our Baltimore, Washington D.C., or Northern Virginia office(s) and offers a hybrid work schedule.

Requirements

  • Experience in ISO27001 and NIST Frameworks; compliance training or certifications; security auditing; project management
  • Background in computer management, information assurance
  • Knowledge of information security principles including risk assessment and management, threat and vulnerability management, and incident response
  • Experience in developing, documenting, and maintaining security procedures
  • A proven record as an effective communicator, both verbal and written
  • Ability to prioritize and execute tasks in a high-pressure environment
  • Strong analytical mindset
  • Ability to work in a team-oriented, collaborative environment
  • Understanding of how to develop metrics to measure the success of an information security program
  • Ability to work independently, with strong workflow management
  • Ability to exercise good judgement and appropriate decision making within scope of job
  • Bachelor’s Degree in Information Security, Cybersecurity or similar fields
  • 2+ years of IT experience
  • 3+ years of demonstrated hands-on experience working in IT security, IT risk or IT Audit space

Nice To Haves

  • Experience with Drata preferred
  • Master’s Degree in Information Security, Cybersecurity or similar fields preferred
  • Professional-level industry certification (e.g. CISSP, GIAC, SANS, etc.) preferred

Responsibilities

  • Perform technology risk assessment activities such as access control audits for systems, applications, infrastructure and operational processes
  • Maintain a current working knowledge of applicable privacy laws and monitor advancements in information privacy and security technologies to ensure adaptation and compliance
  • Develop and deliver security awareness and compliance training programs.
  • Support vendor-focused risk assessments that evaluate the environment and estimate the level and trends of inherent risk
  • Proactively identify vendor-related risk across the assigned internal and external projects
  • Work with security awareness partners to create innovative security awareness and training materials, tools and processes that assist in effectively changing behaviors
  • Document compliance findings and risks, and champion recommendations for remediation
  • Assist in evaluating any related external frameworks or standards or internal policies/standards to determine the relevant IT compliance requirements and controls
  • Participate in the change management process ensuring that all releases are compliant with security standards
  • Provide strategic and tactical direction and consultation on information security and compliance