Senior Analyst, Cybersecurity Governance Risk & Compliance

Paul Hastings is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. With a strong presence throughout Asia, Europe, Latin America, and the U.S., we have the global reach and extensive capabilities to provide personalized service wherever our clients' needs take us. As one of the world's leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.

We have an opening for a Senior Analyst, Cybersecurity Governance Risk & Compliance.

The Senior Analyst, Cybersecurity Governance Risk & Compliance will administer the completion of compliance-related client requests to assess security policies and procedures. The Senior Analyst will respond to inquiries on the security controls policy, processes, and procedures implemented for the Firm managed systems and applications, as well as support Third Party Risk Management ("TPRM") and Governance and Risk functions in conducting vendor due diligence (initial, reassessments and ongoing monitoring) and supporting broader GRC efforts. This position requires strong communication skills, initiative, attention to detail and the ability to learn quickly.

In this capacity, the Senior Analyst, Cybersecurity Governance Risk & Compliance will:

• Review and understand the Firm's current IT Risk Management ("ITRM") program framework and associated policies, standards, procedures, and processes;
• Develop understanding of the Firm's controls structure to support the creating or revising standard narratives/responses for client questionnaires (e.g., SIG);
• Prepare and respond to related compliance requests and web-shares including referencing evidentiary artifacts or other documentation;
• Complete external information security assessments, remediation efforts and support status tracking of assessment queues;
• Coordinate with external assessors and internal subject matter experts to address compliance inquiries and web-shares of security artifacts;
• Assist in further defining the process for completing information security control assessments;
• Support metrics and reporting of the Information Security Program through the collection and analysis of effectiveness security control measures;
• Develop and maintain the status tracking related to findings from information security assessments, Governance, Risk and Compliance, and TPRM due diligence/reassessment assessments and associated remediations;
• Contribute to the creation of GRC related processes and procedures and relevant documents;
• Work with the CISO, senior managers, managers and other internal stakeholders to report existing information security program and ongoing security projects that address information security risks and compliance requirements;
• Manage competing deadlines and multiple external inquires using effective organizational skills and attention to detail as demonstrated by prior work experience;
• Participate in efforts to evolve and streamline GRC solutions, processes and procedures;
• Collaborate with InfoSec, Privacy and GRC management and internal subject matter experts to support coordination, tracking, and reporting of GRC team strategy and goals; and
• Complete other tasks as assigned.
  

• Strong understanding of multiple risk management concepts, frameworks, and standards (CSC, NIST, ISO, COBIT);
• Demonstrated experience with the NIST Cybersecurity Framework and auditing security controls identified in NIST SP800-171 and NIST SP800-53A;
• Experience working with internal and external auditing firms;
• Strong understanding of information security concepts and technologies;
• Fundamental knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint;
• Strong communication skill with the ability to interact with various teams within the administrative and legal departments;
• Experience in the analysis of IT and Security control requirements and understanding of associated technology processes; and
• Strong understanding of due diligence and compliance documents (e.g. SOC II Type II, ISO 27001 Certification, SIG Questionnaires, Certificates of Insurance, Pen Test, etc.).

• Bachelor's degree (required); and
• At least 5 years of combined information technology and information security experience.

Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.

Eligible employees can participate in the Firm's comprehensive benefits program, which include the following:

• Medical, Dental, Vision, Life/AD&D, Long Term Care, and Short- and Long-Term Disability
• Flexible Spending Account and Health Savings Account
• Healthcare Concierge and Advocacy
• Lifestyle Spending Account
• Voluntary 401(k) Plan and Profit Sharing
• 10 Paid Holidays per year and a generous PTO Program
• Family Support including Paid Parental Leave, Fertility Benefits, Breast Milk Shipping, Back-up Child Care, Elder Care, and Tutoring
• Wellbeing programs (Employee Assistance Program, Relationship Support, Mental Health and Well-Being Events)
• Retirement Plan Consulting
• Anniversary Bonus Program
• Professional Development Programs
• Transportation and Commuter Benefits
• International Travel Insurance
• Auto/Home/Pet Insurance
• Prepaid Legal Insurance
• Employee Discounts
• And More!

The Firm has a range of diversity initiatives including our Paul Hastings Affinity Networks (PHANs), Women's Initiative, and PH Balanced. These initiatives provide a firmwide forum to share experiences, as well as an opportunity to participate in a supportive network with common interests to help make life at the firm more inclusive. Learn more about our Global Diversity, Inclusion and Wellness Initiatives here.

Paul Hastings LLP is an equal employment and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.