The Information Security Analyst role is responsible for ensuring the security of the firm’s data and systems. They will provide thought leadership and strategic input on the firm’s security policies, procedures, and standards. They will assist security operations by monitoring and assessing information security controls. They will respond to client outside counsel guidelines, questionnaires, and audits, and also conduct security assessments of vendors and other third-parties, ensuring these entities follow firm and client security requirements as well as industry best-practices. The Information Security Analyst will interface with Governance, IT Operations, and User Support groups as well as end users to audit and remediate gaps in security controls and processes.
Job Functions & Responsibilities
Identify and remediate control gaps, aligning firm systems with information security standards and client requirements
Provide technical insight to the Governance team for client information security assessments and governance, risk, and compliance initiatives
Lead information security projects with limited supervision
Lead and manage remediation activities resulting from audits
Cross-train and mentor other engineers and analysts
Provide project and task completion support for other IT staff
Research, test, and recommend information security products based on the firm’s information security strategy, cost / benefit, and risk reduction methodologies
Monitor and maintain endpoint protection, log aggregation, vulnerability management, data loss prevention, privileged session management, mobile device management, threat intelligence, and physical security systems
Monitor threat intelligence feeds and security tools, escalating potential incidents
Align firm security policies with business objectives and security requirements.
Coordinate with training resources to develop, maintain, and improve the firm’s security awareness and training programs, participating in such programs as needed
Provide after-hours support for data loss prevention and incident response as part of the information security on-call rotation
Assist with the information security budgeting process
Develop, maintain, and manage relationships with vendors and professional services
Develop and maintain documentation related to responsibilities
Perform other duties as assigned
Computers, phones, and other network based equipment
Key Technologies
Applicants should have an understanding and working knowledge of one or more of the following :
Security information event management (SIEM)
Vulnerability scanning and penetration testing
Endpoint protection
Intrusion detection and prevention
Data loss prevention systems
Identity and access management
Encryption and secure file transfer
Mobile device management
Windows server operating systems
Microsoft Office Suite
Cloud services (Microsoft 365, Azure)
TCP / IP protocols and networking
Security camera and key card systems
Security awareness and training methodologies
Disaster recovery and business continuity planning
Incident response protocols
Tools
Computers, phones, and other network based equipment
Minimum Job Qualifications
Perform other duties as assigned
High school diploma or GED
8+ years of technical experience with large (>
300 users) networks
CISSP required
Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood and actionable manner
Expert level client-service, writing, and verbal presentation skills, with excellent attention-to-detail and organization
Expert knowledge of information security frameworks (ISO 27001, CIS Critical Security Controls, NIST)
Expert knowledge of different attack scenarios, techniques, and countermeasures used to prevent those attacks
High level understanding of IT infrastructure, security, and datacenter operations, including networking, servers, storage systems, backups, remote access / thin clients, messaging systems, and database applications
Ability to organize and prioritize multiple assignments
Ability to work under the pressures of a dynamic and fast-paced environment
Ability to work extended hours, nights, weekends and rotating on-call duties
Physical Demands
Writing, typing, reading, speaking, hearing, seeing, sitting, bending, reaching, and lifting up to 25 lbs.
Working Conditions
Quiet office environment in a high-rise building, seated the majority of the time
Direct Reports
None
Competencies
Communicates effectively : Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences.
Being resilient : Rebounding from setbacks and adversity when facing difficult situations.
Collaborates : Building partnerships and working collaboratively with others to meet shared objectives.
Instills trust : Gaining the confidence and trust of others through honesty, integrity, and authenticity.
Customer focus : Building strong customer relationships and delivering customer-centric solutions.
Drives results : Consistently achieving results, even under tough circumstances.
Situational adaptability : Adapting approach and demeanor in real time to match the shifting demands of different situations.
Optimizes work processes : Knowing the most effective and efficient processes to get things done, with a focus on continuous improvement.
Manages complexity : Making sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
Strategic mindset : Seeing ahead to future possibilities and translating them into breakthrough strategies.
Salary Range : $88,300 – $175,000
The Information Security Analyst role is an amazing opportunity available on our team of professionals at Munger, Tolles & Olson, LLP! We are a talent-first Firm and are always looking for great people. We encourage you to apply even if the level of this position is not an exact match to your qualifications. This may not guarantee your placement into the opening; however, it is always worth exploring if there is an opportunity for the future.
About Munger, Tolles & Olson
Munger, Tolles & Olson has been consistently ranked on The American Lawyer’s A-List since its inception in 2004, including seven years in the top spot. We strive to hire only the most qualified and creative lawyers. We believe that clerkships provide valuable experience. In this regard, about 80% of our attorneys served as law clerks to federal or state judges and sixteen attorneys were clerks to U.S. Supreme Court Justices. We recruit and retain the best professional talent to support our Attorneys with a focus on service and excellence. We have a full spectrum of functional positions including Information Technology, Information Security, Accounting, Human Resources, Legal Support, and Marketing.
MTO is an equal opportunity employer and does not discriminate in employment on the basis of race, including but not limited to hair texture and protective hairstyles (for example, braids, locks, and twists), color, ethnicity, religion, gender, gender identity or expression, pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth and breastfeeding, marital or domestic partner status, parental or family care status, national origin, ancestry, age, sexual orientation, disability or medical condition, genetic characteristic, political affiliation, military or veteran status, or any other characteristic protected by federal, state or local law. It is the policy of Munger, Tolles & Olson LLP to prohibit discrimination, unlawful harassment (including sexual harassment), and retaliation. This commitment prohibits such conduct by any individual involved in MTO’s operations and by anyone doing business with or on behalf of Munger, Tolles & Olson LLP.