Information Security Compliance Analyst

Department of a leading, global, law firm has an opening for an Information Security Compliance Analyst. The Compliance Analyst is responsible for the technical and administrative support for the development, implementation, and performance of compliance review and audit processes related to the Firm and client information security requirements.  Responsibilities include but are not limited to:  analyzing, testing, and verifying security logs and databases; developing test plans for all phases of unit testing, acceptance testing and implementation of projects related to information security; assisting in the creation of compliance procedures and documentation for internal information security procedures; collecting and providing evidence for client and Firm questionnaires, audits, and incident investigations; maintaining accurate and current compliance documentation for required activities and functions as directed by the Director of Information Risk Management; providing audit responses based on the direction given by the Director of Information Risk Management; recommending process changes needed to maintain compliance and participating in communication with clients with respect to information security questionnaires and audits. 

Qualifications

• College degree preferred; equivalent experience will be considered.
• Minimum of three years of experience in legal, compliance, or information security.
• Demonstrated knowledge of information security solutions or confidentiality requirements.
• Demonstrated effective resource and project planning and decision making.
• Proven ability to stay current with relevant technology and innovation related to information security.
• Demonstrated ability to identify, inquire, research and use independent judgment regarding issues that are challenging to identify or where facts may be insufficient and misleading.
• Possesses excellent written, oral, and interpersonal communication skills with proven ability to champion causes with positive impact and change.
• Possesses knowledge of or an interest in developing knowledge of information security standards and methodologies including security processes, tools and latest technologies.
• Demonstrated experience gathering and analyzing and synthesizing large amounts of data, generating reports, presenting information and providing recommendations.
• Demonstrated experience maintaining and updating policies and procedures.
• Demonstrated experience handling sensitive or confidential information.
• Demonstrated experience maintaining records of regulatory compliance.
• Demonstrated proficiency with Microsoft Word, Excel, and PowerPoint.
• Flexibility to work additional hours as needed.