Information Security Risk Analyst
New York, NY 10017
Top Firm in NYC has a full-time opportunity for an experienced Information Security Risk Analyst.
This is a direct hire career opportunity with a high profile firm that offers competitive compensation (120-140K+ bonus) and a very strong benefits package.
You will be responsible for oversight of the firm's data security compliance and risk assessment programs used to provide information security, ensure privacy and facilitate data governance.
You will report to the Director of Information Security and serve as the compliance subject matter expert, performing risk assessments (internal and external), monitoring systems for potential risks, and evaluating and recommending technologies.
You will also work with the Information Security team identifying vulnerabilities, emerging threats and newly introduced risks to firm systems.
You will need to take a proactive approach in continual assessment of firm security systems, providing recommendations for enhancements and adapting to new threats and vulnerabilities.
In summary, you will:
- Act as point person and subject matter expert on Information Security Risk Management principles, practices, rules and procedures
- Manage the firm's ISO 27001:2013 Information Security Management System
- Monitor and maintain the firm's policies and procedures, recommend changes/enhancements, and ensure compliance
- Manage the firm's vendor risk management program; make recommendations for enhancements/improvements as appropriate
- Coordinate third party technical risk assessments and related audit activities
- Perform internal technical risk assessments and project reviews
- Produce and maintain information security documentation, including but not limited to policies, procedures, standards, guidelines and diagrams
- Review and respond to client audit / assessment requests in a timely manner
- Drive continuous improvement through trend analysis reporting and metrics management
- Monitor legal and regulatory changes and developments; advise Director and develop appropriate strategies, corrective actions, communications
- Provide guidance to IT group members and firm personnel on related policies, firm procedures, regulatory rules and compliance
- Coordinate activities within the firm's vulnerability management program
- Proactively assess potential risks and opportunities for improvement
- Understand the role of systems and technology within the firm and promote a culture of information security risk & compliance across all business units
- Manage the employee annual recertification for various firm policies
- 5+ years of information security / cybersecurity experience
- Experience with the ISO 27002 control framework and SIG-Lite risk assessments
- Proficient knowledge of the security implications of a variety of technologies, including but not limited to Microsoft, Cisco, Unix/Linux, other market leaders in technology solutions, and mobile devices
- Demonstrated knowledge of the global data security regulatory environment
- Strong knowledge of technology risk management concepts and their application
- Must be able to work collaboratively in a team environment and independently
- 5+ years' experience in an information security risk management or governance role
- 5+ years' experience in information technology, i.e. networking, desktop engineering, programming or systems administration
- Strong knowledge of risk management frameworks, including ISO 27002, NIST and COBIT 5
- Experience in a law firm environment a plus
- Bachelor's degree in Computer Science or a related quantitative course of study (math, engineering, ...)
- Preferred education/certifications such as CISSP, CISA, and/or CISM