IG Compliance & Security Analyst

IG Compliance & Security Analyst

Cooley is seeking an IG Compliance & Security Analyst to join the Information Governance & Data Privacy team.

Cooley Information Services (IS) embraces a culture of customer service excellence and all members of the department are expected to move this agenda forward. To that end, the IG Compliance & Security Analyst is expected to recognize that the Cooley IS Department is a service organization first and foremost and will be evaluated on this requirement equal in importance to the technical or operational responsibilities outlined later in this document.

• Conduct both internal and external audits to ensure compliance with all industry-mandated regulations
• Work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures
• Monitor activities of assigned IS areas to ensure compliance with internal policies and standards
• Participate in the development and implementation of new business initiatives to ensure functionality required to support compliance
• Provide guidance to business functions on compliance/security-related matters
• Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings
• Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables
• Conduct formal risk assessment reviews to determine the critical points of business exposure
• Evaluate and recommend commercial governance, risk and compliance vendors and tools
• Maintain the firm's ISO 27001 certification
• Maintain the firm's governance, risk and compliance tools
• Answer client assessment and audits to ensure firm compliance
• Perform assessments and audits of vendors to ensure compliance with firm security policies and procedures
• Develop and maintain metrics that assess the firm's governance, risk and compliance initiatives
• Assess and track the firm's compliance to existing and future global regulations in privacy and security
• Assess and track the firm's compliance with standard security frameworks such as ISO and NIST
• Assist in the identification of risks, threats and vulnerabilities to firm
• Track risks and mitigation efforts
• Participate in governance, risk and compliance forums and organizations to learn new ideas to solve problems
• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change
• Regularly interact with all levels of management to present and discuss audit results and obtain gap remediation status
• Perform periodic security risk assessments and advise business stakeholders on best practices to reduce risk and overall breach profile
• All other duties as assigned or required

• Ability to work extended and/or weekend hours, as required
• Ability to travel, as required
• 3+ years' experience in governance, risk and compliance (GRC) processes, solutions, information security and auditing;
  Eligible for consideration of Senior designation with 5+ years' directly applicable work experience
• CISSP or equivalent certifications and/or experience
• Demonstrated ability to apply IS-related knowledge and experience in solving compliance issues
• Background in security controls, auditing, network and system security
• Proven practical experience in information security and well-rounded knowledge of IST
• Experience with managing and implementing ISO 27001 or NIST compliance
• Demonstrated experience evaluating the security posture of vendors and system architecture
• Prior experience implementing and running incident management programs and systems
• Prior experience handling vendor relationships
• Project management experience

• Bachelor's degree in Information Technology or Computer Information Systems
• Prior law firm experience
• Desired certifications: PCIP, ISA/QSA, CISSP, CISA, CISM, and related GIAC
• Experience acting in an independent audit function
• Experience implementing GDPR, HIPAA, SOC 2 audits
• Additional security certifications

• Exceptional customer service skills
• Ability to express technical concepts in business terms
• Able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently
• Excellent analytical, problem-solving and project management skills
• Ability to balance security best practices with business objectives
• Proven track record of excellent decision-making, integrity and working with IS management, business users and staff
• Excellent oral and written communication skills, including technical and user documentation
• Detail orientated and strong organizational skills
• Ability to work independently and under high pressure with tight schedules and deadlines
• Ability to interact well with all levels of staff
• Excellent active listening skills
• Ambitious and motivated team player
• Capable of grasping new concepts quickly and without prior experience
• Ability to interact and…