Information Security Analyst ($80k-100k/year)

Position: Information Security Analyst 

Location: Newark, NJ

Full Time: Yes (Full time)

Salary range:$80,000-100,000

The Information Security Analyst is a vital support role within the firm, reporting to the Information Security Governance Manager to support the firm’s information security framework. This hands-on position involves contributing to the maintenance and enhancement of the firm’s information security governance, risk, and compliance initiatives. Key responsibilities include responding to and managing client and vendor IT security assessments, assisting in risk management and remediation tracking, and developing cybersecurity awareness and phishing training programs. The analyst will also generate essential security metrics on a routine and periodic basis. With a strong technical background, this role requires collaboration with IT to ensure security priorities are aligned with the firm’s IT and business objectives, ultimately contributing to a secure technology environment for the firm’s employees and clients.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Update and uphold security policies and procedures, adapting to new technologies and the evolving security landscape.

• Manage responses to client security assessments, complete detailed questionnaires, and implement necessary adjustments following these evaluations.

• Monitor and document remediation efforts, ensuring compliance with security standards such as SOC2, NIST 800-53, and ISO 27001.

• Engage in risk assessment processes, identify IT risks, and help manage the firm’s risk register and related metrics.

• Facilitate internal security audits, maintain compliance with firm policies, and address audit findings with appropriate corrective actions.

• Provide necessary documentation and insights to external auditors about the firm's security protocols.

• Develop and deliver security training programs for employees, and maintain the firm's ongoing security education efforts.

• Report on security metrics and risk assessments to senior management, detailing incidents, response times to vulnerabilities, and risk evaluations.

• Investigate security incidents, respond to phishing attacks, analyze root causes, and develop strategies to prevent future incidents.

• Keep abreast of emerging security threats and technological advances that may affect the firm’s security posture.

• Review outside council guidelines and contracts to ensure compliance with client security and regulatory demands.

• Work collaboratively with legal, administrative, and other firm stakeholders to foster compliance with and understanding of information security policies.

Requirements

• A degree in information systems, though not mandatory, is beneficial.

• Certifications like CGRC, SSCP, or equivalent experience are advantageous but not required.

• Three to five years of experience in IT, data governance, or information security is preferred.

• Understanding of data protection and privacy laws such as GDPR and CCPA.

• Knowledge of core information security principles and practices.

• Strong written and verbal communication skills.

• Analytical and problem-solving abilities.

• Capability to work both independently and as part of a team.

• Excellent organizational skills and meticulous attention to detail.

• Ability to thrive in a dynamic environment with shifting priorities.

• Previous experience in a law firm setting is highly desirable.