Information Security Analyst - Los Angeles, CA
A major international law firm with over 20 offices worldwide seeks an Information Security Analyst for its Los Angeles office. The Information Security Analyst supports the technical and governance functions of the InfoSec department. The Analyst is responsible for assessing the compliance of business and technology operations processes against the Information Security Management System (ISMS) policies, using HR, IS and InfoSec departmental protocol documents, ISO 27001, and other industry security models for guidance. The Analyst's responsibilities include:
- Perform projects and tasks that promote policy compliance, enforcement, and awareness, while also identifying opportunities for security program improvement.
- Security Risk Management: Apply risk management concepts to security assessments of the network computing environment, including the controls and safeguards used to secure hardware, software, operating systems, applications, data, mobile devices, and cloud services.
- Security Audits and Assessments: Perform information security assessments of information technology projects to ensure compliance with policies and client requirements. Perform scheduled testing of identified technology controls and safeguards to ensure compliance with the ISMS, firm policies, and client requirements. Develop an agreed remediation plan for any findings and follow it through until the security engagement has been completed.
- Security Systems Monitoring: Provide front-line InfoSec support for monitoring internal network computing systems, logs, and alerts. Review and process reports and notifications provided by third-party security services providers.
- Client Security Assessment Engagements: Deliver excellent service to existing and prospective clients. Fulfill requests for information through RFPs, security program introductions, completion of security assessment questionnaires, validation of compliance with Outside Counsel Guidelines and contracts, and problem resolution via email notifications and discussions.
- Security Integration and Change Management: Participate in the design of technology-driven projects that go through the processes described in the ISMS Change Management Policy, ensuring security requirements are included throughout the process lifecycle.
- Security Training and Awareness: Deliver security awareness training to firm personnel to meet ISO 27001 certification guidelines, firm policy requirements, and client expectations.
- Business Continuity Support: Participate in events that impact business continuity, including security incident response and disaster recovery, to ensure security policies and processes are included in the event management process. This includes program maintenance, testing, and incorporation of improvements to policies, processes, and controls.
- Professional Development: Keep up with security industry best practices, solutions, and safeguards, and apply that knowledge to strengthen the processes and controls currently in place at the firm.
While the Information Security Analyst reports to the CISO, the position also has a secondary reporting relationship to the CIO for technical operations-related tasks and issues. The Analyst will collaborate closely with the InfoSec IT Security Engineer on tasks and projects of a technical nature and for mentoring. Outside of the InfoSec Team, the Analyst will collaborate with:
- Information Systems, including IS Leadership and technical personnel in IS Operations, Business Intelligence, Telecommunications, Records Center, Support Center, Desktop Support, and HRIS, on technical projects and tasks.
- Global Services Chiefs and Directors, including Directors of Administration at all firm office locations, on projects and tasks relating to security awareness training and business continuity.
- Global Services Departments and Staff, including Human Resources, Client Value, Business Development, Corporate Procurement, Accounting/Finance, Marketing, and Professional Development, on projects and tasks relating to security risk assessments, client audits, and business continuity.
- Outside consultants and vendors, including existing and prospective security services providers, industry consultants and educators, peers, and colleagues.
- Client assessors and auditors, including requests to process RFPs, SAQs, and other security-related inquiries.
- Security Risk Assessments will be administered for processes that impact the effectiveness of the security controls applied in the firm's network computing environment, and shall conform to the ISMS Risk Management Methodology and the Risk Assessment and Treatment guidelines. In addition to existing security controls, the responsibilities include the assessment of new technologies such as new software applications for web and mobile devices, cloud services technologies, and identity and access management.
- Audit / Compliance Assessments will be conducted during ISO 27001 certification engagements and will require coordination of controls testing as outlined in the ISO Statement of Applicability. This is an ongoing task that may include immediate responses to auditor requests as well as participation in audit discussions.
- of the firm’s network security environment will include daily processing of information provided by current managed security services providers, and coordination of activities with the appropriate support personnel.
- Security Program Administration will require participation in:
  - Business continuity, disaster recovery, and incident response events, ensuring ISMS requirements are included.
  - Network penetration testing, patch management, and vulnerability management tasks, assisting with planning, execution, and remediation of any findings.
  - Physical security systems, assisting with compliance assessments of CCTV security cameras and badge access systems.
- Motivated and organized self-starter with the initiative to follow through on programs/projects and work with all levels of users and customers.
- A commitment to service excellence, with the ability to achieve customer satisfaction under pressure.
- Interpersonal communication skills that encourage collaboration, while performing job duties in a polite and professional manner.
- Proficiency with technical writing to create security assessments and audit reports, security policies and protocols, email communications, and other security-related documentation.
- Ability to explain technology and security terminology and processes to audiences of varying experience.
- Provide ongoing guidance through security awareness and process improvement wherever opportunities and compliance gaps exist.
- Compliance with Firm’s HR Policies including expected conduct, personal appearance, and service to our clients.
- Includes opportunities for professional self-improvement through education, to the benefit of the firm and the effectiveness of its security program.
- Perform other related duties as assigned.
- Either ISACA-CISA or ISC2-SSCP certification is required.
- A Bachelor’s degree in Computer Science, Information Assurance, or a related discipline is preferred.
- Familiarity with security controls used in various commercial solutions sold by Microsoft, Apple, Google, Cisco, and other enterprise network computing products.
- Ongoing learning of emerging software, security technologies, and industry standards for security best practices, contributing to continuous improvement of the firm's security program.
- Flexibility relative to scheduling is required.
- Experience with ISO 27001, with two (2) years' experience applying risk management practices and security controls testing based on security industry frameworks.
- Demonstrated experience with audits and assessments based on ISO, PCI, SOC 2, OWASP, and cloud services requirements.
Please email your resume for immediate consideration to: firstname.lastname@example.org