The Cyber Compliance Analyst helps maintain an ISO 27001 enterprise security program and architecture to prevent or minimize data loss. Monitors adherence to information security policies to ensure that appropriate access to, and the confidentiality of, client, employee, and firm information are maintained. Administers third-party risk management, vulnerability management, and security awareness activities. Assesses the effectiveness of the firm’s information security and privacy training program, and develops and administers security awareness content, including conducting security and social engineering exercises. Ensures training remains consistent with current cybersecurity and privacy threats. Participates in responses to client (and potential client) security inquiries, questionnaires, and audits. Completes scheduled internal audits to detect information loss or policy violations. Participates in the evaluation and recommendation of security products, services, and/or procedures to enhance productivity and effectiveness.
PRINCIPAL DUTIES AND RESPONSIBILITIES*
Performs information security risk assessments and assists with the daily, weekly, monthly and quarterly internal auditing of information security processes.
Coordinates the firm’s technology provider and vendor risk management program.
Administers the firm’s security awareness program.
Monitors the security infrastructure for policy violations or security events and participates in problem management and forensic activities as needed.
Assists the Director of Information Security in responding to client requests including preparation of written audit responses and preparation of evidence. May involve direct interaction with client risk management personnel.
Responds to informational requests and prepares written responses for firm business development efforts, requests for proposals, and requests for information documentation.
Assists in the analysis of system weaknesses identified during system security assessments and manages the related mitigation plans and remediation efforts.
In conjunction with production teams, assists with selection, testing, and implementation of controls that apply security protections to enterprise systems, processes, and information technology resources.
Supports IT security within the system development lifecycle, change management, production systems support and technology-enabled projects (user administration, security logging, secure process flow, security best practices).
Provides quality service to internal members/departments of the firm as well as external clients and vendors by displaying professionalism in electronic and print correspondence, over the telephone, and in person, and by encouraging an atmosphere that rewards a "can do" attitude.
Assumes additional responsibilities as assigned.
General knowledge of Windows operating system and web browser behavior, networking, database, systems, and mobile devices.
Experience preparing spreadsheets and documents using Microsoft Excel and Word.
Strong understanding of the concepts of confidentiality, integrity, availability, and auditing which support the implementation of effective information security programs, policies, and controls.
Knowledge of security issues, techniques, and implications across firm computer platforms required.
Knowledge of the ISO 27001 standard and certification process.
Ability to develop project plans and identify mitigation strategies for client compliance activities.
Demonstrated skills in development and delivery of reporting on the status of all IT audit recommendations.
Experience researching new training methods, identifying organization benefits from any new training or training methods, and providing recommendations to leadership.
Proven interpersonal and communication skills.
Good work ethic; excellent use of discretion and judgment. Excellent written communication skills.
Critical thinking and planning abilities required.
Track record of successfully meeting challenges, influencing others, and driving consensus within the team.
Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging timelines required.
Ability to break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.
Ability to make logical conclusions, to anticipate obstacles, and to consider different approaches that are relevant to the decision-making process.
Bachelor's Degree in Computer Science, Management, or a related field; related work experience may be considered in lieu of a degree.
3-5 years’ work experience supporting information services in a medium to large environment, or an equivalent combination of education and experience that provides the required knowledge and skills. A history of audit- and compliance-focused work experience is preferred.
WilmerHale is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity, national origin or ancestry, age, disability or veteran status, or other protected status.
Wilmer Cutler Pickering Hale and Dorr LLP (WilmerHale) provides legal representation across a comprehensive range of practice areas that are critical to the success of its clients. The law firm’s leading intellectual property, litigation/controversy, regulatory and government affairs, securities, and transactional groups participate in some of the highest-profile legal and policy matters. With a staunch commitment to public service, the firm is renowned as a leader in pro bono representation. WilmerHale has more than 1,000 lawyers in 12 cities worldwide.