NFORMATION SECURITY ANALYST
Our law firm is now in a search for an Information Security Analyst (“Analyst”). This is a, full-time, salaried position, reporting to the Chief Information Officer (“CIO”). The hours of employment are Monday through Friday, 9:00 AM to 5:00 PM and such other hours as may be required from time to time to ensure the timely rendering of services. The Analyst is required to respond to security incidences and business continuity issues on a 24/7 basis.
EDUCATION/EXPERIENCE/CRITERIA: A college education in a Computer Sciences major or related field; a minimum of four (4) years’ experience assisting in the development, management and implementation of data security standards and systems administration; and, having or the ability to obtain government security clearances as applicable are required. Prior data security experience in a law firm or financial organization and CISA or CISSP certification would be preferred. The ability to travel for training and educational purposes or as otherwise required is a requirement.
ADDITIONAL KNOWLEDGE/EXPERIENCE: The Analyst should have experience with, knowledge of, or the ability to acquire the following skills: Knowledge of ISO security standards, rules and regulations related to GLBA, HIPAA, Mass Privacy, etc.; experience in network or systems administration; an advanced knowledge of the Windows operating system including patching practices, hardening and administration techniques; working knowledge and experience with any of the following technologies VA, SIEM, DLP, IPS/IDS, AV, MFA, VPN, FW, AD, Wireless, ACL’s, Port Scanning, MBSA; experience with event logging and correlation in SOC or CSIRT; an understanding of security concepts, encryption, system hardening, defense-in-depth designs, advanced persistent threats, anomaly detection and next-generation technologies.
OVERALL RESPONSIBILITIES: The Analyst is responsible for all aspects of data security and the mitigation of risk for the Firm by researching, developing, proposing and implementing as approved firm-wide security policies, standards, procedures and protocols and will manage systems and practices to protect client, employee, and Firm information in compliance with government requirements and in keeping with the Firm’s security policies and standards using the industry’s best practices. The Analyst will work closely with and establish a strong communication process with the CIO keeping the CIO timely informed of current issues and potential problems as they develop and will seek advice as needed.
Best Practices: The Analyst will keep informed of all of the best practices for managing and implementing the Firm’s data security systems and processes. To this end, s/he will participate in applicable professional organizations; subscribe to industry literature; attend seminars and other informational events; keep current with applicable government regulations and requirements; and, as appropriate obtain technical certifications to enhance his or her credentials and knowledge.
Policies, Standards and Protocols: The Analyst will quickly become knowledgeable about the Firm’s technology systems, its legal practices and support services areas, its client requirements and its existing policies and procedures to assess its data security requirements and to develop and propose current and long-term data security policies, standards and protocols to ensure the 24/7 security of the technology functions of the Firm and the protection of its information assets and technologies. To this end, the Analyst will work with the CIO, senior management and partners to establish and maintain data security strategies and programs; will draft and document all applicable security policies and procedures; will ensure all security policies and procedures are kept current incorporating security changes as they occur; and, will ensure the safekeeping of all security policies and procedures.
Implementation: The Analyst will as authorized implement the data security standards, policies and protocols of the Firm. To that end, s/he will be responsible for directing and ensuring that appropriate processes are in place and is responsible for their ongoing effectiveness; will enforce best and most current practices as pertains to all aspects of data security; will evaluate, make recommendations and as approved implement all hardware and software security components for the Firm’s computer, voice, and data network functions; will have a significant role in maintaining the Firm’s Disaster Recovery and Business Continuity Plan; will work with others to remediate findings from vulnerability scans; will prepare detailed documentation on systems configurations as well as security threats and remediation; will on a daily basis review security event logs; will conduct penetration testing and remediation; will work with the Help Desk on alerts and threat remediation; will provide technical guidance and recommendations for new products and services; and, will develop, implement and maintain responses to information security incidences as needed.
Other Duties: The Analyst will serve as the primary internal and external contact for data security in the Firm. The Analyst will advocate for, enforce as required, promote and communicate on all data security matters. To this end, s/he will respond to all client security audit requests often dealing directly with clients or their representatives; will ensure all security policies and procedures information is communicated to and available to the appropriate personnel; will create and promote a high degree of data security awareness in the Firm; will use tact and diplomacy when enforcing data security requirements; will work to enhance the skills of other team members and the knowledge of end users; and, will develop and implement training programs as best serve data security in the Firm.
The Information Security Analyst will, from time to time, perform such other duties as are necessary to ensure the timely and efficient performance of the hardware and certain software functions of the Firm.
SKILL SET: The Analyst must have the technical and tactical knowledge required for implementation, support, and maintenance of the data security systems and infrastructure with the ability to execute same appropriately and in a timely manner; must have an advanced knowledge of technology security issues; has strong analytical and problem solving skills; is proficient in the technology required to perform job duties; will learn, retain and adapt quickly to technology changes and advancements; has a solid understanding of how technology interacts with other technology in the Firm; will be proactive anticipating problems and taking steps to prevent problems; will continually increase and broaden his/her technical skills and data security knowledge; will conduct him or herself in a highly service oriented manner; has strong interpersonal, leadership and organizational skills; conducts him or herself with tact and diplomacy in all matters; deals positively with work problems; has excellent multitasking abilities setting priorities and meeting time deadlines; works well under pressure; has good verbal and writing skills; will work independently and participate as a team member in projects; and maintains accurate records. S/he must treat all office matters with strict confidence.
← return to listings