About
A leading law firm is seeking an Information Security Analyst to help safeguard the firm's digital infrastructure, client data, and confidential case information. This role supports the firm's Information Security Management System (ISMS) and plays a critical part in monitoring security threats, maintaining compliance with industry standards, and strengthening overall cybersecurity practices. The ideal candidate will combine technical expertise with a proactive, risk-focused mindset to support a secure legal environment.
Responsibilities
Security Monitoring & Incident Response
Monitor networks, systems, and endpoints using security tools to detect and respond to potential threats.
Investigate security alerts, coordinate incident response, and support remediation efforts.
Conduct root cause analyses and prepare incident documentation and reports.
Support the maintenance and testing of the firm's incident response procedures. Risk Management & Compliance
Assist in maintaining the firm's Information Security Management System (ISMS) and support ISO-based compliance initiatives.
Conduct periodic risk assessments and help track remediation plans and corrective actions.
Participate in internal and external security audits and maintain documentation of security controls.
Support vendor risk assessments and security due diligence processes. Vulnerability & Threat Management
Perform vulnerability scans and coordinate remediation with IT teams and vendors.
Monitor cybersecurity threat intelligence sources and track emerging risks affecting the legal industry.
Support patch management and vulnerability reporting processes. Governance & Security Awareness
Assist with developing and maintaining information security policies and procedures.
Support compliance with data privacy regulations and client security requirements.
Contribute to security awareness initiatives and help educate staff on secure data handling practices. Access Control & Data Protection
Review and maintain user access permissions following least-privilege principles.
Assist with monitoring privileged accounts and conducting periodic access reviews.
Support data protection initiatives including document security, collaboration tools, and cloud applications. Requirements
Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field, or equivalent experience.
2-8 years of experience in information security, IT security, risk management, or compliance.
Experience with security frameworks such as ISO 27001, NIST CSF, or CIS Controls.
Familiarity with SIEM platforms, endpoint security tools, and vulnerability management systems.
Knowledge of network security, encryption, and data protection practices.
Understanding of cloud security environments such as Microsoft 365, Azure, or AWS.
Strong analytical, problem-solving, and communication skills.
Ability to collaborate effectively with IT teams, attorneys, and business stakeholders. Preferred Certifications
CompTIA Security+
SSCP or CISSP
CCNA or similar security/network certification
Languages
- English
Notice for Users
This job comes from a TieTalent partner platform. Click "Apply Now" to submit your application directly on their site.