Legal Staff Information Technology in Indianapolis, IN

Law Firm

Indianapolis, IN

Legal Staff Information Technology in Indianapolis, IN

Legal Staff

No

Job Title: Governance, Risk, and Compliance Analyst

Job Responsibilities:

Governance
- Support the development and management of cyber security policies, standards, procedures, and overall governance based on the NIST Cyber Security Framework, NIST 800-53, and CIS controls.
- Assess current platforms against security and configuration standards.
- Interface with key security personnel to ensure expectations and remediation activities are aligned to best practices.
- Work closely with the IT team to ensure key cybersecurity risks and issues are identified, addressed, and resolved in a timely manner.
- Assist in the development and deployment of information security awareness, training, and communication capabilities as it relates to governance changes.
- Evaluate and process exceptions to information security policies and standards.
- Assist with the administration of identity governance and administration activities.
- Receive audit findings, legal obligations, compliance, and regulatory requirements as input to policy development.
- Manage lateral transfers of data in and out of the law firm and implement ethical walls.

Risk
- Measure and monitor cybersecurity risk.
- Manage and prioritize the risk exception queue.
- Perform risk assessments in alignment with methodologies and provide timely feedback to stakeholders.
- Assist in conducting a business impact analysis for business systems, applications, and processes.
- Assist with the development of cyber resilience plans including incident response, business continuity, and disaster recovery.
- Participate in Third Party Risk Management Program activities.

Compliance
- Maintain awareness of existing and proposed security standards, state and federal legislations and regulations pertaining to information security.
- Identify regulatory changes that will affect information security policy, standards, and procedures, and recommend appropriate changes.
- Participate in internal and external compliance audits and security questionnaire responses.
- Provide guidance to management and business stakeholders regarding the security impact of regulations, policies, applicable laws, and key risks.
- Participate in compliance reviews as assigned by management.

Education and Experience Information:

- Understanding of common security regulations (., HIPAA, Meaningful Use, PCI DSS, ISO2700x, FDA, etc.).
- Understanding of common industry security frameworks (., ISO2700x, NIST CSF, NIST SP 800-53, HITRUST, etc.).
- Knowledge of information security risk management frameworks and compliance practices.
- Familiarity with security auditing and risk assessment processes.
- Skills in documenting risk and compliance activities.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and non-technical audiences at various hierarchical levels.
- Proficient in the development and delivery of incident response playbooks and tabletop exercises.
- Sound knowledge of business management and an expert knowledge of information/cybersecurity risk management and governance.
- Experience responding to, analyzing, and communicating information security audits.
- Basic understanding of general security concepts including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SEM, FW, Audit, Cloud Security, Mobile Security.

Other Expectations:

- Strong ability to follow instructions, ask intelligent questions, and engage critical thinking skills to complete the work.
- Self-starter: ability to work independently with minimal supervision.
- Ability to work effectively in a team environment.
- Maturity to accept direction, confidence to give direction.
- Ability to quickly identify risks that require escalation to higher levels of leadership.
- Ability to operate independently and show measurable progress daily.
- Ability to manage multiple tasks simultaneously without missing deadlines or dropping assignments.
- Ability to adapt quickly and without frustration to changing priorities and emphasis.
- Strong attention to detail and high commitment to quality.
- Good attitude and courtesy to work with a small, fast-paced team.
- Efficient worker looking for ways to gain efficiencies and maximize time spent.

Salary Information:

Salary in the range of $70,000 – $90,000 dependent on experience level and geographic location.

Benefits provided include:
- Paid time off
- Health insurance
- Vision and Dental Insurance
- 401k (with an employer match)
- Life insurance
- Many others. Please reach out for a comprehensive list of benefits provided.

Candidates must have permanent authorization to work in the United States. The law firm is an Equal Opportunity Employer and is committed to recruiting, developing, and retaining talented attorneys and professional staff from all backgrounds. The law firm takes great pride in a culture of inclusion where everyone feels respected, is treated fairly, and has the opportunity to perform at the highest potential.