Job Posting for Information Security Risk & Compliance Analyst at Simpson Thacher & Bartlett LLP
Information Security Risk & Compliance Analyst
Description/Job Summary
The Information Security Risk & Compliance Analyst will play a pivotal role in ensuring the seamless and effective management of client audit requests within our Firm. Reporting to the Director of Information Security, you will be responsible for managing and responding to client audit requests in a timely and accurate manner. This position requires a detail-oriented professional with strong organizational and communication skills to facilitate timely and accurate responses to client inquiries. This individual will collaborate with internal teams, coordinate the gathering of information, and craft comprehensive audit responses that align with legal and regulatory standards. Success in this role contributes to positive client relationships, regulatory compliance, and the overall reputation of the organization.
Responsibilities/Duties
Serve as the primary point of contact for clients during the audit response process
Collaborate with internal teams to gather relevant documentation and information needed for the audit response
Foster effective collaboration with internal teams, including legal, finance, and compliance, to gather necessary information for audit responses
Act as point person and subject matter expert on Information Security Risk Management principles, practices, rules, and procedures
Develop and maintain a centralized repository for audit-related documentation, ensuring easy retrieval and access for future reference
Uphold positive relationships with clients throughout the audit response process
Improve and maintain key performance indicators (KPIs) to measure the efficiency and effectiveness of the audit response process
Communicate proactively with clients, addressing inquiries and providing updates on the status of the audit response
Assist team members in support of the Firm’s ISO 27001, ISO 27701 and ISO 22301 Information Security Management programs
Help conduct security audits of third-party vendors to ensure that security protocols are being followed and to identify areas where improvements can be made
Monitor legal and regulatory changes and developments; advise the Director and develop appropriate strategies, corrective actions, and communications
Provide guidance to IT group members and firm personnel on related policies, firm procedures, regulatory rules and compliance
Proactively assess potential risks and opportunities for improvement
Perform other duties as assigned
Required Skills
Experience with the ISO 27002 control framework and SIG-Lite risk assessments
Proficient knowledge of the security implications of a variety of technologies, including but not limited to Microsoft, Cisco, Unix/Linux, and other market leaders in technology solutions, including mobile devices
Demonstrated knowledge of the global data security regulatory environment
Strong knowledge of technology risk management concepts and their application
Must be able to work collaboratively in a team environment and independently
Ability to handle sensitive and/or confidential material with discretion
Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors
Excellent written and verbal communication skills
Strategic thinker with strong analytical and problem-solving skills
Demonstrated project management skills, organizational and execution skills with strong attention to detail
Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation
Must be flexible in order to respond quickly and positively to shifting demands
Preferred Skills
Industry certifications (for example CISSP, CISM, CISA or CGEIT)
Strong knowledge of risk management frameworks, including ISO 27002, NIST and COBIT 5
Required Experience
5 years of experience in Information Security related responsibilities
Preferred Experience
5 years’ experience in Information Security Risk Management or Governance role
5 years’ experience in Information Technology, i.e. networking, desktop
Experience in a law firm environment a plus
Required Education
Bachelor’s degree in an IT-related discipline
Preferred Education
Professional certifications, such as CISSP, CISA, or CISM
Details
Salary Information
The estimated base salary range for this position is $100k to $120k at the time of posting. The actual salary offered will depend on a variety of factors, including without limitation the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and, if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not eligible for overtime pay.
Privacy Notice
For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.
Salary.com Estimation for Information Security Risk & Compliance Analyst in New York, NY
$81,369 to $114,267