Information Security Risk & Compliance Analyst

Ropes & Gray is a preeminent global law firm recognized for its excellence in various legal practices. The Information Security Risk & Compliance Analyst will assist in managing the firm’s data security, compliance, and risk management programs, supporting initiatives related to information security and privacy.

Responsibilities

• Assist in maintaining the firm’s ISO 27001:2022 Information Security Management System, assist with SOC2 audit preparedness and SOC2 audit completion, and support additional compliance activities as needed
• Support the firm’s initiatives to be at the forefront of GenAI and legal technology, reviewing vendor offerings and providing guidance on secure-by-design principals that meet or exceed industry standards
• Support monitoring of the firm’s policies and procedures
• Help coordinate vulnerability management activities with guidance from other team functional areas
• Assist in vendor risk management program tasks
• Support responses to client audits, client RFPs, and related requests
• Help coordinate third party technical risk assessments and audit activities
• Assist in producing and maintaining information security documentation, including policies, procedures, standards, guidelines, and diagrams
• Help assess potential items of risk and opportunities of vulnerability in the network
• Assist in Change Management and architecture reviews of new and existing firm technology
• Participate in knowledge transfer sessions and training with senior team members
• Promote a culture of information security across business units under guidance
• Learn about the role of systems and technology within the firm and their value to the business
• Pursue relevant security certifications and attend industry seminars and continuing education events as assigned
• Perform other related duties as assigned

Skills

• Bachelor of Science in a technology-related discipline or 1-2 years of relevant experience
• 1-2 years of experience in information security, IT risk management, or IT support
• Basic knowledge of ISO 27001:2022 and risk management frameworks (ISO 27005, NIST, COBIT 5)
• Knowledge of SOCII audit criteria and procedures
• Basic understanding of HIPAA and data security regulations
• Familiarity with Microsoft, Cisco, Unix/Linux, and mobile technologies
• Strong written and oral communication skills
• Organized, responsive, and willing to learn
• Security certification (such as Security+, SSCP, or similar) preferred but not required

Benefits

• Comprehensive health and well-being benefits
• Personal and professional development
• Career growth opportunities
• A collegial and supportive culture
• Discretionary bonus based on performance

Company Overview

Company H1B Sponsorship