Search using our robust engine. Get the recommendations you need to get ahead.
Browse through our expansive list of legal practice areas.
Work where you are or where you would like to be. Find where you will work with LawCrossing.
Use our marketplace to feature your opportunity
Start your search today
Set up your account and manage your company profile on LawCrossing
Look through and compare company profiles
Learn from the legal expert
Discover salaries and the scope of your next job
LawCrossing Works Read Testimonials and Share your Story
Carrot Peelers, Sales, Personality and Your Job Search
Law Firm
Legal Staff
Min 5 yrs required
Information Security Policy/Audit Analyst Duties: Develops, tests, documents, evaluates, tracks and improves information security controls for all information technology resources, applications and security protocols. Creates and documents security policies, procedures and protocols as required. Implements security audit guidelines and workflow process, testing the capability, reliability and effectiveness of the firm’s security systems, applications, protocols and procedures. Collaborates with appropriate stakeholders to document and implement necessary policies and procedures to comply with ISO 27001 standards and to obtain certification. Works with security and departmental subject matter experts to develop and document a practical business continuity plan designed to ensure ongoing business viability. Works with appropriate personnel to respond to client generated security assessments. Performs necessary security engineering tasks as a backup for other security team members.
Qualification and Experience
Qualifications: Undergraduate degree in computer science, information technology or equivalent work experience. 5+ years in an information security role, preferably in a law firm or other environment involving critical data and confidentiality management requirements. Experience working with enterprise security technologies, including IDS/IPS systems and firewalls (CheckPoint experience preferred), antivirus, enterprise vulnerability scanning and testing, data at rest encryption technologies, and related technologies used to secure electronic data in the enterprise. Experience in performing auditing and other testing of security controls, developing audit plans and procedures, and reporting the results of such audits. Experience in security policy writing/development, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing. CISSP, CISM, CRISC, CISA, GIAC, or other security certifications desired. Knowledge of information security controls and standards, particularly ISO 27001/27002 and NIST 800-53, rules and regulations related to information security and data confidentiality (e.g., HIPAA) and desktop, server, application, database, network security principles for risk identification and analysis. Strong analytical and problem solving skills. Excellent communication (oral, written, presentation), interpersonal and consultative skills. Able to work independently, self-directed.
Sign Up Now