Senior Security Analyst Information Technology (IT) - Cincinnati, OH at Geebo

Senior Security Analyst

The Security Analyst supports the Firm's existing technology, processes, policies, and appropriate controls to ensure a strong information security program is in place.
Responsibilities include maintaining knowledge of security threats and trends, keeping up to date with security solutions and best practices, and recommending new solutions and processes for the security program to ensure protection of the Firm's network and information assets.
This position will work closely with other security and operational risk positions to include Security Architect, Security Analyst, Operational Risk Manager and IG & Records Manager to support the Firm's risk programs.

Responsibilities

Manage the preparation, execution and remediation of various security and risk assessments.
Participate in compliance reviews and requests for mutually approved artifacts.
Serve as the security resource with the disaster recovery team.
Recommend and ensure proper implementation of new security solutions.
Recommend and review departmental policies to ensure the necessary security audits and tests are carried out prior to being introduced into production.
Maintain working knowledge of various compliance needs and changes in various industries.
Work effectively with cross-functional team to identify areas for improvement as well as efficiency gains and create and own execution plans to drive the improvements.
Propose and lead improvements based on knowledge and practical application of security best practices, including but not limited to threat assessment, vulnerability prevention, compliance, and monitoring tools.
Identify and communicate to management the cause of all Security incidents, making recommendations as to how the specific incidents can be avoided in the future.
Provide subject matter expertise and advise the Firm's personnel of best practices.
Provide mentorship to other Security Analyst(s).
Lead Vulnerability Management program.
Lead Firm wide Security Awareness education, including phishing simulations.
Assist with the ongoing development, documentation and execution of best practices in the use of technology and workflow processes.
Lead education efforts of Firm employees to include but not limited to: dangers related to viruses and malware, denial of service attacks, internet usage best practices, external actors, phishing, and threats from internal employees and employee turnover issues.
Assist with review of contractual client security requirements and ensure the firm is aligned.
Create and monitor standardized internal processes to ensure security controls are consistent with overall security position of the firm.
Participate in data loss prevention initiatives including implementation of appropriate processes with the business and management of technical solutions to prevent data loss.
Threat monitoring with various threat feeds to provide intel and recommendations for vulnerability management.
Participate in Vendor Management Program activities, including downstream vulnerability identification, monitoring, and remediation to ensure vendors' security programs align with firm and client requirements.
Management and utilization of existing security tools.
Point of contact for end user security and phishing questions and support.
Execute defined audit and compliance activities that address security, privacy and risk.
Maintain working knowledge of various regulatory compliance needs and changes in various industries and promote change within the organization.
Work effectively with cross-functional team to identify areas for improvement as well as efficiency gains and create and own execution plans to drive the improvements.
Participate in budget process to include recommendation of solutions to close gaps or improve position for security and vendor management.
Assist with internal risk assessments and maintenance of risk register.
Assist with ISO 27001 certification.
Perform other duties as assigned.

Requirements

A bachelor's degree or equivalent work experience preferred in Information Security.
Minimum of 5 years of related duties and responsibilities; prior law firm background preferred.
Ability to communicate and document comprehensive technical issues for a nontechnical audience in a professional manner.
Working knowledge of various regulatory compliance standards such as ISO, NIST, HIPAA, HITECH, PCI.

Recommended Skills

Auditing
Coaching And Mentoring
Data Loss
Disaster Recovery
Hardworking And Dedicated
ISO/IEC 27001

Estimated Salary: $20 to $28 per hour based on qualifications.
