Information Security Risk & Compliance Analyst

About The Position

Requirements

• Bachelor of Science in a technology-related discipline or 1-2 years of relevant experience
• 1-2 years of experience in information security, IT risk management, or IT support
• Basic knowledge of ISO 27001:2022 and risk management frameworks (ISO 27005, NIST, COBIT 5).
• Knowledge of SOCII audit criteria and procedures.
• Basic understanding of HIPAA and data security regulations
• Familiarity with Microsoft, Cisco, Unix/Linux, and mobile technologies
• Strong written and oral communication skills
• Organized, responsive, and willing to learn
• Ability to relate to non-technical users in user-friendly language
• Ability to understand technical implications of security threats with guidance
• Ability to manage multiple tasks and prioritize under supervision
• Ability to maintain confidentiality of internal and personnel affairs
• Ability to work well with others and contribute to team spirit
• Self-motivated and eager to develop professionally
• Ability to work in a multi-office environment and willingness to travel as required
• Ability to work effectively in a culturally and educationally diverse environment

Nice To Haves

• Security certification (such as Security+, SSCP, or similar) preferred but not required

Responsibilities

• Assist in maintaining the firm’s ISO 27001:2022 Information Security Management System, assist with SOC2 audit preparedness and SOC2 audit completion, and support additional compliance activities as needed.
• Support the firm’s initiatives to be at the forefront of GenAI and legal technology, reviewing vendor offerings and providing guidance on secure-by-design principals that meet or exceed industry standards.
• Support monitoring of the firm’s policies and procedures.
• Help coordinate vulnerability management activities with guidance from other team functional areas.
• Assist in vendor risk management program tasks.
• Support responses to client audits, client RFPs, and related requests.
• Help coordinate third party technical risk assessments and audit activities.
• Assist in producing and maintaining information security documentation, including policies, procedures, standards, guidelines, and diagrams.
• Help assess potential items of risk and opportunities of vulnerability in the network
• Assist in Change Management and architecture reviews of new and existing firm technology.
• Participate in knowledge transfer sessions and training with senior team members.
• Promote a culture of information security across business units under guidance.
• Learn about the role of systems and technology within the firm and their value to the business.
• Pursue relevant security certifications and attend industry seminars and continuing education events as assigned.
• Perform other related duties as assigned.

Benefits

• Ropes & Gray is proud to offer a comprehensive Total Rewards package to our business support team members.
• The firm also offers comprehensive health and well-being benefits, personal and professional development, career growth opportunities and a collegial and supportive culture.