Senior Analyst, Cybersecurity and Compliance

Senior Analyst, Cybersecurity and Compliance

Firm Summary

White & Case is an elite global law firm serving leading companies, financial institutions and governments worldwide. Our long history as an international firm means we are perfectly placed to help our clients resolve their most complex legal challenges wherever they may be.

With lawyers operating from more than 40 locations, working in virtually every country of the world, we have invested heavily in building a high-quality full-service practice competing at the top of the market.

We are distinguished by our on-the-ground presence in the world’s key financial markets and our strengths in handling complex cross-border work.

It’s not just about our global network of offices; it’s the global interconnectedness of the Firm that our people, and our clients, value most.

We work well together across geographic and practice boundaries. It’s one of the reasons we attract and retain cross-border work.

And why we attract a diverse group of people.

Our lawyers are globally minded, enterprising, collaborative and committed to excellence. Diversity is a core value of our Firm and it has been recognized with numerous awards and top rankings around the world.

Our people represent 90 nationalities and speak 80 languages.

Position Summary

The Senior Analyst, Cybersecurity and Compliance plays a pivotal role in protecting the firm against cybersecurity threats.

This position is tasked with identifying, evaluating, and monitoring potential cybersecurity risks. They will collaborate with various teams within the firm to ensure that Governance, Risk Management, and Compliance (GRC) areas such as Audits, Information Security Certifications, and Vendor Management Risks are effectively managed.

This includes adhering to industry and cybersecurity standards, as well as client and government regulations.

Furthermore, the Senior Analyst, Cybersecurity and Compliance will guide stakeholders in incorporating appropriate security measures into business operations, system designs, and software development processes.

This role is responsible for enhancing and implementing processes that assist in planning remediation strategies to ensure compliance with policies and regulations.

By providing valuable insights for risk prioritization, the Analyst will prepare reports that highlight trends, risk levels, and metrics.

They will focus on building trust and fostering cross-functional partnerships to elevate awareness and successfully implement cybersecurity controls across the firm.

Our Technology Team

Technology at White & Case plays a key role in enabling our lawyers in practicing law around the world.

Our team comprises of three functions : Business Services who maintain, develop and support our enterprise systems, Operations who design, build and support our communications and data center operations, and Support Services who provide desktop, meeting and training support in the Firm’s offices.

Together we support our lawyers with leading edge technology and systems to deliver elite legal and best-in-class client service.

Globally minded and diverse, our team covers a range of technical disciplines and business skill sets. This encompasses from business analysts, data architects, application developers and engineering staff covering range of technologies that include virtualization, cloud, networking, storage, collaboration services and security.

We deploy the latest technology and hardware within our state-of-the-art offices. Our technical support staff support and train our people on the latest hardware and operating systems, remote working capability, and mobile devices.

Our Shared Services centers provide Service Desk, Security and Network Operation Centers that providing support and monitoring of Firm systems 24 x 7.

Working closely with our business services colleagues in support of the Firm’s Finance, People, Marketing departments. The Technology team is at the heart of the Firm’s global operations.

Duties and Accountabilities

• Maintain and improve the GRC function.
• Provide support for internal assessments and audits at planned intervals and on an ad hoc basis to evaluate and validate the design and operational effectiveness of technical, and administrative controls to help reduce risk in the organization.
• Mentor junior GRC Analysts on the team.
• Assist with monitoring open audit items from internal audits and external compliance / client / certification audits to ensure completion of remediation activities defined in the agreed action plans and risk treatment plans.
• Support continuous monitoring processes to assess compliance with information security policies and standards, legal and regulatory compliance.
• Provide compliance subject matter expertise support to various departments.
• Assist with conducting third-party vendor information security assessment and ongoing third-party assurance activities.
• Design, manage, and update company’s compliance related documentation and reports.
• Create any necessary road maps for regulatory compliance.

Qualifications

• 5-7+ years of experience within GRC, specifically vendor & risk management standards and frameworks.
• Possessing any cybersecurity certifications, CRISC, CISM, CGEIT, CISA,CISSP, etc.
• Possessing an understanding of industry standards, certifications, and regulations including NIST800 / CSF, ISO 27001.
• Experience with compliance programs related to SSAE16 SOC1, SOC2, PCI, and / or NIST-800-53.
• Working knowledge in Cloud Security assessments, systems, tools, and web application reviews including Secure SDLC life cycle assessments.
• Working knowledge of enterprise infrastructure and application monitoring tools.
• Proficient in Microsoft Office applications; SME in Excel and data manipulation.
• Attention to detail. Clear logical and analytical thinker.
• Able to prioritize and manage multiple tasks under pressure.
• Good verbal, written and numeric skills.
• Ability to travel or work overtime, as needed.

Location and Reporting

• This role is based in Manila with potential for international travel.
• This role reports to the Sr. Manager of Security and Business Continuity.

Primary Location

United States-TampaExpected Workplace : Hybrid

Job Posting

May 6, 2024, 10 : 35 : 50 PM