Analyst, Cybersecurity and Compliance

White & Case Llp - Tampa, FL

posted 3 months ago

Full-time - Mid Level
Hybrid - Tampa, FL
Professional, Scientific, and Technical Services

About the position

The Analyst, Cybersecurity and Compliance at White & Case will play a crucial role in safeguarding the firm against cybersecurity threats. This position involves assisting the Senior Analyst in identifying, evaluating, and monitoring potential cybersecurity risks. The Analyst will collaborate with various teams within the firm to ensure effective management of Governance, Risk Management, and Compliance (GRC) areas, including Audits, Information Security Certifications, and Vendor Management Risks. The role requires adherence to industry and cybersecurity standards, as well as compliance with client and government regulations. In addition to risk management, the Analyst will assist stakeholders in integrating appropriate security measures into business operations, system designs, and software development processes. This includes enhancing and implementing processes that aid in planning remediation strategies to ensure compliance with policies and regulations. The Analyst will provide valuable insights for risk prioritization and prepare reports that highlight trends, risk levels, and metrics. Building trust and fostering cross-functional partnerships will be essential to elevate awareness and successfully implement cybersecurity controls across the firm. The position is hybrid, based in the Tampa office, and may involve international travel. The Analyst will report to the Senior Manager of Security and Business Continuity, contributing to a diverse and inclusive workplace that values collaboration and excellence.

Responsibilities

  • Assist and improve the GRC function
  • Provide support for internal assessments and audits at planned intervals and on an ad hoc basis
  • Evaluate and validate the design and operational effectiveness of technical and administrative controls
  • Mentor other teams in GRC management principles and practices
  • Assist with monitoring open audit items from internal audits and external compliance/client/certification audits
  • Support continuous monitoring processes to assess compliance with information security policies and standards
  • Provide compliance subject matter expertise support to various departments
  • Conduct third-party vendor information security assessments and ongoing third-party assurance activities
  • Design, manage, and update compliance-related documentation and reports
  • Create necessary road maps for regulatory compliance

Requirements

  • At least three years of experience within GRC, specifically vendor & risk management standards and frameworks
  • Possessing or working towards cybersecurity certifications such as CRISC, CISM, CGEIT, CISA, CISSP
  • Understanding of industry standards, certifications, and regulations including NIST800/CSF, ISO 27001
  • Experience with compliance programs related to SSAE16 SOC1, SOC2, PCI, and/or NIST-800-53
  • Working knowledge in Cloud Security assessments, systems, tools, and web application reviews including Secure SDLC life cycle assessments
  • Proficient in Microsoft Office applications, especially Excel and data manipulation
  • Attention to detail and strong analytical thinking skills
  • Ability to prioritize and manage multiple tasks under pressure
  • Good verbal, written, and numeric skills

Nice-to-haves

  • Experience with enterprise infrastructure and application monitoring tools
  • Ability to travel or work overtime as needed

Benefits

  • Disability insurance
  • Health insurance
  • Dental insurance
  • 401(k)
  • Parental leave
  • Vision insurance

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service