Mid-sized (500 Employees) National law firm, headquartered in Manhattan, has an IT staff respected by the entire organization. The size of the firm, larger enough for growth, but small enough to offer visibility is an opportunity to be recognized for your contributions. It is a very stable collaborative organization avoiding the merger mania that creates havoc in other environments. We are seeking an Information Security Analyst for a newly created position. The role of the Information Security Analyst includes: the implementation, maintenance and review of advanced security technologies (including those applicable to cloud based services, information governance, and client requirements), conducting third party risk assessments, gathering information related to the firm s business continuity and disaster recovery planning, administrating the firm s security awareness training platform, providing frontline response for information security incidents. Day-to-day responsibilities and characteristics: Act as the lead resource for more than 1 of the firm s security systems (Endpoint detection/protection/response, network access control, vulnerability management, security incident and event management, email security, security awareness training, etc.) including the use, operation and maintenance of those platforms. Cross-train on other security systems in use by the firm in order to have a working knowledge of the firm s entire security architecture. Demonstrates thorough knowledge of all user provisioning and de-provisioning processes in use throughout the firm. Under direct supervision, holds responsibility for the lifecycle management of firm end user accounts in various applications and services such as Active Directory. Actively participate in client security assessments, audits, and outside counsel guideline review, including performing gap analysis, evidence collection, and response creation. Assist in conducting security reviews of services, vendors, projects, and technologies. The security review process includes an analysis of the challenge for which a solution is being sought, researching proposed solutions, conducting risk assessments of vendors providing solutions, and presenting final recommendations for implementing the selected solution in a secure manner. As part of the service, system, and business process lifecycle, continually assess and review the firm s current technology infrastructure to identify key risk areas, including the risks associated with business continuity and disaster recovery, ensuring that adequate information has been gathered and controls are in place to address and manage the risks identified. Assist in researching specific security technologies and controls as requested by senior management and required by clients. Participate actively in the Information Security team s effort to continuously improve security policies, processes, and procedures. Provides input to strategic and tactical planning, initiatives, and projects. Coordinate the assignment of security awareness training to all personnel. Responsible, along with the rest of the Information Security team, for ensuring that the firm s Information Security systems are functioning in an optimal manner and that all BC/DR goals are met through testing on a scheduled basis. On a rotating basis, acts as a first responder for Information Security related service desk tickets. Perform necessary investigation, communication, resolutions, and if necessary, escalations, to ensure timely and successful closure of tickets. Represent the Information Security team in a professional manner when engaging with other technical teams, stakeholders, vendors and clients. Other Requirements This position requires ongoing availability and significant off hours accessibility due to the need to adequately respond to possible security events. Perks and benefits include: Health benefits day one Annual 401k profit sharing Generous PTO plan Company provided MiFi device Monthly reimbursements for mobile data plan and much more - provided by Dice Associated topics: forensic, identity, identity access management, information technology security, malicious, phish, protect, security, security officer, vulnerability
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.