About
OFFICE LOCATION:
Open
DEPARTMENT:
Information Security / Risk and Compliance
MANAGER:
Director of Information Security / CISO
FLSA STATUS:
Full-Time/Exempt
POSITION SUMMARY:
The Information Security Analyst plays a key role in protecting the firm's digital assets, client data, and case-related information by implementing and maintaining security controls in alignment with the ISO 27001 Information Security Management System (ISMS). The analyst will proactively monitor, detect, and respond to security threats; ensure compliance with legal industry data protection standards; and support ongoing risk and compliance initiatives. This role is essential for maintaining client trust, ensuring the confidentiality of privileged information, and meeting both ethical and regulatory obligations in the legal sector.
ESSENTIAL FUNCTIONS AND JOB RESPONSIBILITIES:

Security Monitoring & Incident Response
- Monitor networks, systems, and endpoints for potential threats using SIEM, EDR, and IDS/IPS tools.
- Analyze security alerts, investigate incidents, and coordinate timely response and remediation.
- Conduct root cause analyses and prepare post-incident reports.
- Maintain and test the Incident Response Plan as part of ISO 27001 continuous improvement.
- Participate in legal hold or eDiscovery-related security reviews when required.

Risk Management & ISO 27001 Alignment
- Support the firm's Information Security Management System (ISMS) and contribute to maintaining ISO 27001 certification.
- Conduct periodic risk assessments, identifying potential threats to confidentiality, integrity, and availability of legal data.
- Document and monitor risk treatment plans and corrective actions.
- Participate in internal and external ISO audits by providing evidence and maintaining control documentation.
- Contribute to the ongoing maintenance of the Firm's risk register.
- Seek out opportunities for continuous improvement in processes and procedures.

Vulnerability Management & Threat Intelligence
- Perform regular vulnerability scans and coordinate remediation with IT and service providers.
- Monitor industry-standard threat intelligence sources, cybersecurity forums, and dark web feeds for emerging risks, vulnerabilities, and threat actor activities targeting the legal sector.
- Track and report vulnerabilities relevant to law firms, third-party vendors, and legal technology platforms (e.g., document management systems, case management tools).
- Track and report on patch-management activity to be sure it aligns with required standards.
- Stay informed on evolving attack vectors such as business email compromise, ransomware, and data exfiltration threats impacting professional services firms.
Governance, Policy, and Compliance
- Develop, maintain, and enforce security policies, procedures, and standards in accordance with ISO 27001 Annex A controls and policy lifecycle.
- Ensure adherence to data privacy laws (e.g., GDPR, CCPA) and client contractual obligations.
- Collaborate with legal teams to align information security practices with attorney-client privilege requirements and ethical obligations.
- Support third-party vendor risk assessments and due diligence processes.

Security Awareness & Continuous Improvement
- Support the firm's security awareness training program and conduct periodic phishing simulations.
- Educate staff on secure handling of confidential documents and client communications.
- Contribute to the continuous improvement cycle of the ISMS by identifying opportunities for control enhancement.
- Keep up to date with the latest developments in cybersecurity, privacy law, and ISO frameworks.

Access Control & Data Protection
- Manage and review access controls, ensuring least privilege and role-based access models are enforced.
- Monitor privileged accounts and perform periodic user access reviews.
- Work with IT to secure document repositories, collaboration tools, and cloud-based applications.
- Review and act as needed on data loss prevention alerts from various tools.

KNOWLEDGE AND SKILLS REQUIRED:
- Strong analytical, problem-solving and investigative skills.
- Excellent communication and reporting abilities; capable of translating technical findings into business terms.
- Detail-oriented with a strong sense of confidentiality and ethical responsibility.
- Ability to collaborate effectively with attorneys, IT teams, and vendors.
- Continuous learning mindset; proactively tracks emerging cyber threats and regulatory changes.
- Timely detection and response to security incidents (MTTD/MTTR) as measured by meeting Help Desk ticketing SLAs.
- Maintenance and improvement of ISO 27001 certification and audit performance.
- Reduction in identified vulnerabilities and repeat findings.
- Compliance with firm and client data protection requirements.
- Engagement metrics from user awareness and training initiatives.

EDUCATION AND EXPERIENCE REQUIREMENTS:
- Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field. Equivalent experience considered.
- 2-8 years of experience in information technology, information security, risk management, or compliance within a professional services or legal environment preferred.

Technical Skills:
- Experience with ISO 27001, NIST CSF, or CIS Controls.
- Proficiency with SIEM platforms (e.g., Splunk, Sentinel, LogRhythm).
- Strong understanding of network protocols, IDS/IPS, and endpoint security.
- Familiarity with vulnerability management tools (e.g., Qualys, Nessus) and ticketing workflows.
- Knowledge of encryption, DLP, and secure file transfer solutions used in legal environments.
- Understanding of cloud security concepts (Microsoft 365, Azure, or AWS).
- Familiarity with scripting/automation tools and techniques.
- Knowledge of EDR/XDR solutions and providers.

Certifications (Preferred):
- CompTIA Security+
- Certified Cisco Network Associate (CCNA)
- Systems Security Certified Practitioner (SSCP)
- Certified Information Systems Security Professional (CISSP)

ADDITIONAL INFORMATION:
- Individual in this position will provide additional assistance and support as directed by their supervisor.
- This job description is subject to change at any time.
- Hybrid or remote work options depending on organizational policy such as the Firm's 4+4 initiative.
- May require travel to other offices or for industry conferences.
- Will require rotating on-call duties, occasional after-hours work during audits or compliance deadlines and out-of-band hours during an incident.
- Must adhere to strict confidentiality and ethical handling of client and firm data.
COMPENSATION:
The pay for this position will be determined based on relevant skills, experience, education, external market data, internal equity, and other job-related factors. The anticipated range for this role is $85k to $95k.
Language skills
- English