Über
The Information Security Analyst plays a key role in protecting the firm's digital assets, client data, and case-related information by implementing and maintaining security controls in alignment with the ISO 27001 Information Security Management System (ISMS). The analyst will proactively monitor, detect, and respond to security threats; ensure compliance with legal industry data protection standards; and support ongoing risk and compliance initiatives. This role is essential for maintaining client trust, ensuring the confidentiality of privileged information, and meeting both ethical and regulatory obligations in the legal sector. Essential Functions And Job Responsibilities: Security Monitoring & Incident Response Risk Management & ISO 27001 Alignment Vulnerability Management & Threat Intelligence Governance, Policy, And Compliance Security Awareness & Continuous Improvement Access Control & Data Protection Knowledge And Skills Required: Strong analytical, problem-solving and investigative skills. Excellent communication and reporting abilitiescapable of translating technical findings into business terms. Detail-oriented with a strong sense of confidentiality and ethical responsibility. Ability to collaborate effectively with attorneys, IT teams, and vendors. Continuous learning mindsetproactively tracks emerging cyber threats and regulatory changes. Timely detection and response to security incidents (MTTD/MTTR) as measured by meeting Help Desk ticketing SLAs. Maintenance and improvement of ISO 27001 certification and audit performance. Reduction in identified vulnerabilities and repeat findings. Compliance with firm and client data protection requirements. Engagement metrics from user awareness and training initiatives. Education And Experience Requirements: Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field. Equivalent experience considered. 28 years of experience in information technology, information security, risk management, or compliance within a professional services or legal environment preferred. Technical Skills: Experience with ISO 27001, NIST CSF, or CIS Controls. Proficiency with SIEM platforms (e.g., Splunk, Sentinel, LogRhythm). Strong understanding of network protocols, IDS/IPS, and endpoint security. Familiarity with vulnerability management tools (e.g., Qualys, Nessus) and ticketing workflows. Knowledge of encryption, DLP, and secure file transfer solutions used in legal environments. Understanding of cloud security concepts (Microsoft 365, Azure, or AWS). Familiarity with scripting/automation tools and techniques. Knowledge of EDR/XDR solutions and providers. Certifications (Preferred): CompTIA Security+ Certified Cisco Network Associate (CCNA) Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Additional Information: Individual in this position will provide additional assistance and support as directed by their supervisor. This job description is subject to change at any time. Hybrid or remote work options depending on organizational policy such as the Firm's 4+4 initiative. May require travel to other offices or for industry conferences. Will require rotating on-call duties, occasional after-hours work during audits or compliance deadlines and out-of-band hours during an incident. Must adhere to strict confidentiality and ethical handling of client and firm data. Compensation: The pay for this position will be determined based on relevant skills, experience, education, external market data, internal equity, and other job-related factors. The anticipated range for this role is $85k to $95k.
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.