Analyst, Cybersecurity and Compliance
United States-Tampa
White & Case LLP
White & Case is an international law firm that helps companies, governments and financial institutions achieve their global ambitions. Our clients face complex challenges, and our lawyers' innovative approaches consistently deliver results for...Firm Summary
White & Case is an elite global law firm serving leading companies, financial institutions and governments worldwide. Our long history as an international firm means we are perfectly placed to help our clients resolve their most complex legal challenges wherever they may be. With lawyers operating from more than 40 locations, working in virtually every country of the world, we have invested heavily in building a high-quality full-service practice competing at the top of the market. We are distinguished by our on-the-ground presence in the world’s key financial markets and our strengths in handling complex cross-border work. It’s not just about our global network of offices; it’s the global interconnectedness of the Firm that our people, and our clients, value most. We work well together across geographic and practice boundaries. It’s one of the reasons we attract and retain cross-border work. And why we attract a diverse group of people. Our lawyers are globally minded, enterprising, collaborative and committed to excellence. Diversity is a core value of our Firm and it has been recognized with numerous awards and top rankings around the world. Our people represent 90 nationalities and speak 80 languages.
Position Summary
The Analyst, Cybersecurity and Compliance will assist the Senior Analyst, Cybersecurity and Compliance in protecting the firm against cybersecurity threats. The team is tasked with identifying, evaluating, and monitoring potential cybersecurity risks. They will collaborate with various teams within the firm to ensure that Governance, Risk Management, and Compliance (GRC) areas such as Audits, Information Security Certifications, and Vendor Management Risks are effectively managed. This includes adhering to industry and cybersecurity standards, as well as client and government regulations. Furthermore, the Analyst, Cybersecurity and Compliance will assist stakeholders in incorporating appropriate security measures into business operations, system designs, and software development processes. This role is responsible for assist in enhancing and implementing processes that assist in planning remediation strategies to ensure compliance with policies and regulations. By providing valuable insights for risk prioritization, the Analyst will prepare reports that highlight trends, risk levels, and metrics. They will focus on building trust and fostering cross-functional partnerships to elevate awareness and successfully implement cybersecurity controls across the firm. .
Duties and Accountabilities1
- Assist and improve the GRC function
- Provide support for internal assessments and audits at planned intervals and on an ad hoc basis to evaluate and validate the design and operational effectiveness of technical, and administrative controls to help reduce risk in the organization
- Mentor other teams in GRC management principles and practices
- Assist with monitoring open audit items from internal audits and external compliance/client/certification audits to ensure completion of remediation activities defined in the agreed action plans and risk treatment plans
- Support continuous monitoring processes to assess compliance with information security policies and standards, legal and regulatory compliance
- Provide compliance subject matter expertise support to various departments
- Assist with conducting third-party vendor information security assessment and ongoing third-party assurance activities
- Design, manage, and update company’s compliance related documentation and reports
- Create any necessary road maps for regulatory compliance
Qualifications
- At least three years of experience within GRC, specifically vendor & risk management standards and frameworks
- Possessing or working towards a cybersecurity certifications, CRISC, CISM, CGEIT, CISA,CISSP, etc.
- Possessing an understanding of industry standards, certifications, and regulations including NIST800/CSF, ISO 27001
- Experience with compliance programs related to SSAE16 SOC1, SOC2, PCI, and/or NIST-800-53
- Working knowledge in Cloud Security assessments, systems, tools, and web application reviews including Secure SDLC life cycle assessments
- Working knowledge of enterprise infrastructure and application monitoring tools
- Proficient in Microsoft Office applications; SME in Excel and data manipulation
- Attention to detail. Clear logical and analytical thinker
- Able to prioritize and manage multiple tasks under pressure
- Good verbal, written and numeric skills
- Ability to travel or work overtime, as needed
Location and Reporting
- This is a hybrid role based in our Tampa office with potential for international travel.
- This role reports to the Senior Manager, of Security and Business Continuity.
Equal Opportunities
White & Case is an Equal Employment Opportunity (EEO) employer and is committed to creating a diverse and inclusive workplace. It is our Firm’s policy to recruit, employ, train, compensate and promote without regard to race, color, religion, creed, national origin, age, gender, sexual orientation, marital status, military or veteran status, disability, genetic information, or any other category protected by applicable law.
Applicants who are interested in applying for a position and require an accommodation during the process should contact talent.acquisition@whitecase.com.
Benefits
White & Case LLP offers a comprehensive suite of benefit programs to all eligible employees, including medical, dental, and vision insurance, life and disability coverage, 401(k) retirement savings, vacation time, and leave programs (including parental leave). Exempt roles are also performance bonus eligible.
The Firm may modify and amend this job description at any time at its sole discretion. Nothing herein creates a contract of employment or otherwise modifies the at-will nature of employment.
1The above is a general description of the essential duties associated with this position and does not represent an exhaustive or comprehensive list of all duties.
Primary Location
: United States-Tampa Expected Workplace: HybridJob Posting
: Oct 8, 2024, 1:03:07 PM* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CISA CISM CISSP Cloud Compliance CRISC Governance ISO 27001 Monitoring NIST NIST 800-53 Risk management SDLC Security assessment SOC 1 SOC 2 Travel Vendor management
Perks/benefits: Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.