Company name
Jenner & Block, L.L.P.
Experience
2 yrs required
Location
Washington, DC, United States
Employment Type
Full-Time
Industry
Legal
Posted on
Nov 21, 2022
Profile
Security & Privacy Compliance Analyst
The candidate assists in implementing and managing the firm’s compliance framework, procedures and processes relating to information security and privacy. Implements and monitors the firm’s Information Security Management System (ISMS) according to the ISO 27001 standard, including preparing the firm for all audits and maintaining certification. Implements and monitors the firm’s Privacy Information Management System (PIMS) according to the ISO 27017 standard, including preparing the firm for all audits and maintaining certification. Develops, tests, documents, evaluates, tracks and improves information security controls for all information technology resources, applications, privacy and security protocols. Develops and tracks security metrics to monitor Information Security program performance. Implements security audit guidelines and workflow processes, testing the capability, reliability and effectiveness of the firm’s security systems, applications, protocols and procedures. Assists with periodic risk assessments, risk treatment plans, and completion of risk treatment activities. Collaborates with appropriate stakeholders to document and implement necessary policies and procedures to comply with ISO 27001 standards and to maintain certification. Reviews and manages security requirements in third-party guidelines and agreements. Works with appropriate personnel to respond to client-generated security assessments. Assists with the firm’s Vendor Risk Management program to ensure firm vendors meet the firm’s security and confidentiality requirements.
An undergraduate degree in computer science, information technology or a related subject, or equivalent work experience, is required. Should have 2+ years of experience in an information security and/or privacy role, preferably in a law firm or other environment involving critical data and confidentiality management requirements. Experience managing and responding to audits and other tests of security controls, developing audit plans and procedures, and reporting the results of such audits is required. Experience writing and developing security and privacy policies and procedures is required.
Knowledge of information security controls and standards, particularly ISO 27001/27002, is required. Knowledge of privacy frameworks, particularly ISO 27017, and of rules and regulations related to privacy (e.g., HIPAA, GDPR) is required. General knowledge of enterprise security technologies, including SIEM, IDS/IPS systems and firewalls, antivirus, enterprise vulnerability scanning and testing, data-at-rest encryption technologies, etc. is required. CISSP, CISM, CRISC, CISA, GIAC, or other security certification is desired.
Company info
Jenner & Block, L.L.P.
1099 New York Avenue, N.W. Suite 900
Washington
District of Columbia
United States 20001-4412
Website: https://jenner.com/