Cybersecurity Analyst

Cybersecurity Analyst

The Cybersecurity Analyst is instrumental in safeguarding the firm's digital assets, client information, and case-related data by establishing and upholding security measures that align with the ISO 27001 Information Security Management System (ISMS). This proactive role is focused on monitoring, detecting, and responding to security threats, ensuring compliance with legal and industry data protection standards, and supporting ongoing risk and compliance initiatives. Your efforts will be vital in maintaining client trust, upholding the confidentiality of sensitive information, and fulfilling ethical and regulatory obligations in the legal sector.

Key Responsibilities: • Conduct security monitoring and incident response. • Implement risk management strategies in line with ISO 27001. • Manage vulnerabilities and analyze threat intelligence. • Oversee governance, policy frameworks, and compliance measures. • Promote security awareness and lead initiatives for continuous improvement. • Enforce access control measures and ensure data protection.

Required Knowledge and Skills: • Strong analytical, problem-solving, and investigative abilities. • Excellent communication skills capable of translating technical findings into business terms. • Detail-oriented with a deep sense of confidentiality and ethical responsibility. • A collaborative attitude that works well with attorneys, IT teams, and vendors. • A commitment to continuous learning, keeping up with emerging cyber threats and regulatory changes. • Ability to detect and respond to security incidents timely, measuring performance against Help Desk ticketing SLAs. • Experience in maintaining and enhancing ISO 27001 certification and audit readiness. • A track record of reducing identified vulnerabilities and repeat compliance findings. • Adherence to data protection requirements of the firm and clients. • Engagement metrics from user awareness and training initiatives.

Education and Experience: • Bachelor's degree in Information Security, Computer Science, Information Technology, or related field; equivalent experience considered. • 2-8 years of experience in IT, information security, risk management, or compliance in a legal or professional services environment. • Technical Skills: • Familiarity with ISO 27001, NIST CSF, or CIS Controls. • Proficiency in SIEM platforms (e.g., Splunk, Sentinel, LogRhythm). • Strong understanding of network protocols, IDS/IPS, and endpoint security solutions. • Experience with vulnerability management tools (e.g., Qualys, Nessus) and ticketing workflows. • Knowledge of encryption, DLP, and secure file transfer solutions used in legal settings. • Understanding of cloud security concepts (Microsoft 365, Azure, or AWS). • Familiarity with scripting and automation tools/techniques. • Knowledge of EDR/XDR solutions and providers. • Certifications (Preferred): • CompTIA Security+ • Certified Cisco Network Associate (CCNA) • Systems Security Certified Practitioner (SSCP) • Certified Information Systems Security Professional (CISSP)

Additional Information: • Support and assist in additional tasks as directed by supervisors. • This job description may be updated at any time. • Work options may be hybrid or remote based on company policy. • Travel to other offices or for industry conferences may be required. • This position will involve rotating on-call duties, occasional after-hours work during audits or compliance deadlines, and responding during incidents. • Must maintain strict confidentiality and ethical handling of client and firm data.

Compensation:

The salary for this position will be based on skills, experience, education, external market data, and internal equity. The anticipated salary range for this role is $85,000 to $95,000.