Make an impact at Goodwin, where we partner with our clients to practice law with integrity, ingenuity, agility and ambition. Our 1,800 lawyers across the United States, Europe and Asia excel at complex transactions, high-stakes litigation and world-class advisory services in the technology, life sciences, real estate, private equity and financial industries. Our unique combination of deep experience serving both the innovators and investors in a rapidly-changing, technology-driven economy sets us apart. Also a global destination for business professionals, Goodwin’s team of professional staff was named in 2019 the “Best Business Team” by The American Lawyer.
The Information Security Analyst is a newly created role within the firm’s Information Security team. As the IS Security Analayst, you will help meet increased internal and client information security demands and growing compliance needs. Currently, the Information Security team is comprised of four full time positions responsible for security at the firm. Internal and client demands have risen dramatically over the last twelve months as new client requirements, internal technologies, and certifications have expanded in scope. Additional compliance requirements centered on privacy are also a major area of growth. This position is critical to maintain the firm’s information security standing with clients and industry as a whole.
What you will do:
-
Complete client audit requests to ensure firm compliance, these requests have doubled within the last year.
-
Expand security auditing and ensure the proper ongoing operations of security tools.
-
Provide internal information security for other business and IT projects. This includes identifying, documenting and implementing secure configurations and architectures.
-
Oversee information security processes and implementation of policies.
-
Responsible for security metrics on a monthly basis to ensure the proper service levels are maintained.
-
Provide additional coverage for approvals and notifications to other IT groups for critical time-sensitive operations including firewall changes, password reset approvals, and application vetting.
-
Ongoing reviews of access controls by investigating improper access; revoking access; reporting violations; monitoring requests; recommending improvements.
-
Provide technical leadership for incident response capabilities including malware analysis, breach investigation, and remediation efforts.
-
Provide internal consulting on Privacy matters including GDPR.
-
Maintain awareness of industry trends and their advantages with the ability to make recommendations for improving technology used by the firm.
-
Assist in negotiations of software licensing and support agreements.
-
Participate in and/or manage cross-functional team projects to implement new or updated technology.
-
Cross-train other IT staff in the use or maintenance of technology.
-
Effectively manage medium projects.
-
Display professionalism, quality service and a “can do” attitude to internal members/departments of the Firm as well as external clients and vendors through verbal and in-person communications.
-
Provide information security knowledge transfer to other IT staff and business.
-
Assume additional responsibilities as assigned.
Who you are:
-
Expert knowledge in IT Security frameworks and solutions.
-
Active participation in IT Security Forums inside/outside of the Legal Industry.
-
Excellent technical communication skills with a strong desire to achieve customer satisfaction; must be able to communicate effectively across entire organization.
-
Operating knowledge of security configurations with respect to one or more of the following security products:
-
SIEM: Splunk, IBM QRadar, HP Arcsight
-
Endpoint Security: Carbon Black, Symantec, Beyond Trust
-
Firewalls: Palo Alto Networks, Cisco, McAfee, Checkpoint
-
IDS/IPS: Palo Alto Networks, Cisco, FireEye
-
NAC: Cisco, Aruba
-
Operating knowledge of security issues associated with one or more of the following network platforms and related Edge devices: Cisco, Nexus, Checkpoint, Aruba, Riverbed
-
Strong security knowledge of O/S (desktop and server) Security – Windows, Linux.
-
Strong security knowledge of browser security issues (IE, Safari, Chrome).
-
Ability to learn new technologies and security features.
-
Knowledge of Windows and Unix (Linux) operating systems.
-
Excellent analytical, problem solving and troubleshooting skills.
-
Excellent organizational, interpersonal, communication and customer service skills.
-
Knowledge of ITIL Service Management principles.
-
Educated to degree level or equivalent.
-
3+ years’ experience working in the capacity of an Information Security Analyst.
-
CISSP or equivalent preferred.
Goodwin Procter LLP is an equal opportunity employer. This means that Goodwin Procter LLP considers applicants for employment, and makes employment decisions without unlawful discrimination on the basis of race, color, gender, gender identity or expression, age, religion, national origin, citizenship status, disability, medical condition, genetic information, marital status, sexual orientation, military or veteran status, or other legally protected status.
