Information Security Analyst | Job ID
Syntama group
- Newark, NJ
- Permanent
- Full-time
- Date Posted: May 2, 2024
- Maintain and update security policies, controls, and procedures to reflect the firm’s security environment and technological changes.
- Respond to client security assessments, complete questionnaires, and support adjustments based on assessment outcomes.
- Track remediation actions, controls, and configuration changes to comply with security, legal, and audit standards, including those for SOC2, NIST 800-53, and ISO 27001.
- Support risk assessment activities by identifying IT risks and contribute to the management of the firm’s risk register and metrics.
- Help conduct internal audits of security practices, ensuring adherence to established policies and addressing findings with corrective measures.
- Provide support to external auditors by supplying necessary documentation and insights into the firm’s security practices.
- Assist in the development and delivery of security awareness training for employees and support the maintenance of the firm's security training initiatives.
- Report on the information security environment to senior management, including incidents, vulnerability response times, and ongoing risk assessments.
- Investigate and analyze security events, effectively respond to phishing attempts, and assist in pinpointing root causes to develop and implement strategies for prevention of future incidents.
- Stay informed about current and future security threats and technological developments that could influence the firm’s security posture.
- Assist in reviewing outside counsel guidelines and agreements to ensure the firm meets client security and compliance requirements.
- Collaborate with various firm stakeholders, including legal teams and administration, to facilitate understanding and compliance with information security policies.
- Bachelor’s degree in information systems or equivalent work experience is a plus but not required.
- Security+, CGRC, SSCP, or equivalent certifications and/or experience are a plus but not required.
- Minimum of three to five years of experience in IT, data governance, or information security.
- Knowledge of data protection and privacy regulations, including GDPR, CCPA, and
- Excellent written and verbal communication skills.
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team.
- Strong organizational skills and attention to detail.
- Ability to work in a fast-paced environment with changing priorities.
- Previous experience in a law firm is preferred.