Jenner & Block (www.jenner.com) is a law firm with global reach, with more than 500 lawyers and offices in Chicago, London, Los Angeles, New York, San Francisco, Washington, DC. The firm is known for its prominent and successful litigation practice and experience handling sophisticated and high-profile corporate transactions. Firm clients include Fortune 100 companies, large privately held corporations, financial services institutions, emerging companies and venture capital and private equity investors. In 2016,The American Lawyernamed Jenner & Block to the A-List, which recognizes the top 20 US law firms. The American Lawyeralso recognized the firm as the #1 pro bono firm in the United States six of the past nine years; the firm has been ranked among the top 10 in this category every year since 1990.
The Security & Privacy Compliance Analyst is an Exempt position that reports to the Manager of Security & Privacy Compliance and the Chief Information Security Officer. Remote work option is available, but candidate should be able to periodically be present in one of the firm’s US offices (i.e., Chicago, New York, Los Angeles, San Francisco or Washington D.C. The scheduled work hours for the position are 8:45 a.m. - 5:15 p.m. (Monday - Friday) with additional hours as required.
ESSENTIAL JOB FUNCTIONS
The Security & Privacy Compliance Analyst assists in implementing and managing the firm’s compliance framework, procedures and processes relating to information security and privacy. Specific job function include, but are limited to, the following:
Implements and monitors the firm’s Information Security Management System (ISMS) according to the ISO 27001 standard, including preparing the firm for all audits and maintaining certification.
Implements and monitors the firm’s Privacy Information Management System (PIMS) according to the ISO 27701 standard, including preparing the firm for all audits and maintaining certification.
Develops, tests, documents, evaluates, tracks and improves information security controls for all information technology resources, applications, privacy and security protocols.
Develops and tracks security metrics to monitor Information Security program performance.
Implements security audit guidelines and workflow process, testing the capability, reliability and effectiveness of the firm's security systems, applications, protocols and procedures.
Assists with periodic risk assessments, risk treatment plans, and completion of risk treatment activities.
Collaborates with appropriate stakeholders to document and implement necessary policies and procedures to comply with ISO 27001 standards and to maintain certification.
Reviews and manages security requirements in third-party guidelines and agreements.
Works with appropriate personnel to respond to client generated security assessments.
Assists with the firm’s Vendor Risk Management program to ensure firm vendors meet the firm’s security and confidentiality requirements.
The firm seeks an experienced information security and privacy professional with demonstrated skills implementing security / privacy processes and programs. The ideal candidate (a) possesses a strong
understanding of industry security technology and audit controls with the ability to develop policies and procedures supportive of established audit requirements, (b) should demonstrate an ability to quickly assess security risks, identify controls/policies to mitigate security risks and establish documented procedures and protocols designed to ensure the firm’s information is protected and secure and (c) has experience implementing a privacy program, which may include privacy requirements under the GDPR, the UK Data Protection Act, the California Consumer Privacy Act and others privacy rules and regulations. Specific desirable qualifications include the following:
Undergraduate degree in computer science, information technology, related subject matters or equivalent work experience.
Knowledge of information security controls and standards, particularly ISO 27001/27002
Knowledge of privacy frameworks, particularly ISO 27701, rules and regulations related to privacy (e.g., HIPAA, GDPR) .
2+ years in an information security and / or privacy role, preferably in a law firm or other environment involving critical data and confidentiality management requirements.
General knowledge of enterprise security technologies, including SIEM, IDS/IPS systems and firewalls, antivirus, enterprise vulnerability scanning and testing, data at rest encryption technologies, etc.
Experience managing and responding to audits and other tests of security controls, developing audit plans and procedures, and reporting the results of such audits.
Experience writing/developing security / privacy policies and procedures.
CISSP, CISM, CRISC, CISA, GIAC, or other security certifications desired.
Strong analytical and problem solving skills.
Excellent communication (oral, written, presentation), interpersonal and consultative skills.
Able to work independently, self-directed.
COVID-19 VACCINATION PROTOCOL
Jenner & Block LLP requires all US employees be documented as fully vaccinated. Exemption requests related to a medical or pregnancy contraindication, or a sincerely held religious belief, will be reviewed and considered dependent on the firm's ability to provide an accommodation without undue hardship. The firm will not allow negative COVID-19 test results in lieu of verification of full vaccination.
Jenner & Block LLP is an equal opportunity employer. Recruitment and employment decisions are not made on the basis of an individual’s race, color, creed, religion, national origin, ancestry, citizenship status, age, non-disqualifying physical or mental disability or medical condition, genetic information, sexual orientation, sex, gender identity and/or expression, pregnancy, childbirth, breastfeeding or related medical conditions, arrest record, matriculation, personal appearance, political affiliation, marital, parental, veteran, military, or order of protection status, or any other protected status or that of their relatives, friends, or associates.