
IG Compliance & Security Analyst

External
Cooley · Chicago
Contract · On-site · 1w ago
Auditing · Compliance · Information Security


Requirements

  • Required:
  • After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applications
  • Ability to work extended and/or weekend hours, as required
  • Ability to travel, as required
  • 3+ years' experience in governance, risk and compliance (GRC) processes, solutions, information security and auditing; eligible for consideration of Senior designation with 5+ years' directly applicable work experience, along with the proven ability to operate at an elevated level
  • CISSP or equivalent certifications and/or experience
  • Demonstrated ability to apply technology-related knowledge and experience in solving compliance issues
  • Background in security controls, auditing, network and system security
  • Proven practical experience in information security and well-rounded knowledge of technology
  • Experience with managing and implementing ISO 27001 or NIST compliance practices
  • Demonstrated experience evaluating the security posture of vendors and system architecture
  • Prior experience implementing and running incident management programs and systems
  • Prior experience in reviewing vendor agreements for security issues and providing recommendations
  • Project management experience
  • Preferred:
  • Bachel

Additional Information

Cooley is seeking an IG Compliance & Security Analyst to join the Information Governance & Data Privacy team.

Position summary:

The Information Governance (IG) Compliance & Security Analyst executes day-to-day compliance and security activities, including performing vendor and internal security assessments, supporting audits, and responding to client security requests. This role tracks risks, monitors adherence to policies and frameworks (e.g., ISO 27001, NIST), and works to document evidence, manage findings, and support remediation efforts. The analyst partners with business teams to address compliance requirements, maintain audit readiness, and apply best practices to reduce risk.

Cooley (IG) embraces a culture of customer service excellence and all members of the department are expected to move this agenda forward. To that end, the IG Compliance & Security Analyst is expected to recognize that the Cooley IG Department is a service organization first and foremost and will be evaluated on this requirement equal in importance to the technical or operational responsibilities outlined later in this document.

Specific duties and responsibilities include, but are not limited to, the following:

Position responsibilities:

  • Perform vendor security assessments and audits to prove up vendor's compliance with firm security policies and procedures in connection with vendor contracts, or internal inquiries
  • Respond to clients' security assessment requests and audits to demonstrate firm's security compliance
  • Participate in the management of the firm's ISO 27001 certification by engaging with auditors, collecting and presenting evidence, understanding the relevant firm policies, and working in the GRC platform
  • Conduct both internal and external audits to ensure compliance with all industry-mandated regulations
  • Work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures
  • Monitor activities of assigned IS areas to ensure compliance with internal policies and standards
  • Participate in the development and implementation of new business initiatives to ensure functionality required to support compliance
  • Provide guidance to business functions on compliance/security-related matters
  • Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings
  • Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables
  • Conduct formal risk assessment reviews to determine the critical points of business exposure
  • Evaluate and recommend commercial governance, risk and compliance vendors and tools
  • Participate in the maintenance of the firm's governance, risk and compliance platforms
  • Develop and maintain metrics that assess the firm's governance, risk and compliance initiatives
  • Assess and track the firm's compliance to existing and future global regulations in privacy and security
  • Assess and track the firm's compliance with standard security frameworks such as ISO and NIST
  • Assist in the identification of risks, threats and vulnerabilities to firm
  • Track risks and mitigation efforts
  • Continued education in governance, risk and compliance forums and organizations to learn new ideas to solve problems
  • Collaborate with team in evaluating effectiveness of the internal security control framework and recommend adjustments as business needs change
  • Perform periodic security risk assessments and advise business stakeholders on best practices to reduce risk and overall breach profile
  • Adhere to department's internal workflow processes
  • All other duties as assigned or required

