Information Security Assurance Analyst

Simpson Thacher & Bartlett LLP
Full-time
On-site
New York, United States
$110 - $135 USD yearly

Reporting to the Director, IT Governance, Risk Management & Compliance, the Information Security Assurance Analyst will be responsible for managing client audit requests, responding to Information Security questionnaires, and supporting Firm Information Security certifications. The Information Security Assurance Analyst will also manage internal IT and Information Security risk assessments and help achieve regulatory compliance.

The ideal candidate is detail-oriented with strong organizational and communication skills and can facilitate timely and accurate responses to client inquiries. The candidate must be able to effectively collaborate across functions to ensure that required Information Security controls are in place, coordinate across teams to gather evidence artifacts, and craft comprehensive audit responses that align with legal and regulatory standards.

Success in this role contributes to positive client relationships, regulatory compliance, and the overall reputation of the Firm.

Responsibilities

  • Manage, track, and ensure timely closure of client information security audits and serve as internal and external primary point of contact during audits

  • Respond to client Information Security questionnaires, including security outreach, vulnerability notifications, and responsible disclosures

  • Support Firm ISO 27001, ISO 27702, and ISO 22301 certifications

  • Participate in internal IT and IS risk assessments

  • Collaborate across functions and teams to gather relevant information, documentation, and evidence as needed

  • Communicate proactively with clients, addressing inquiries and providing updates on the status of the audit response

  • Develop, build, and continuously update a centralized repository for audit-related documentation, ensuring easy retrieval and access for future reference

  • Partner with the Office of the General Counsel and Firm Communications to draft client communications during security incidents

  • Provide guidance to IT group members and firm personnel on related policies, firm procedures, regulatory rules and compliance

  • Monitor legal and regulatory changes and developments; advise the Director and develop appropriate strategies, corrective actions, and communications

  • Proactively assess potential risks and opportunities for improvement

  • Develop and report on key performance indicators (KPIs) to measure the efficiency and effectiveness of the overall security assurance program

Education

  • Bachelor’s degree in an IT-related discipline, or equivalent experience

Preferred

  • Professional certifications, such as CISSP, CISA, CGEIT or CISM

Skills and Experience

  • 5+ years of experience in Information Security, IT Audit, IT Risk Management, or Third-Party Risk Management

  • 2+ years of experience working in a security assurance role

  • Working knowledge of security control frameworks, such as ISO, SOC, NIST, COBIT, or similar

  • Familiar with SIG-Lite and other third-party risk assessment frameworks

  • Understanding of data security regulatory frameworks

  • Strong knowledge of technology risk management concepts and their application

  • Must be able to work collaboratively in a team environment

  • Ability to handle sensitive and/or confidential material with discretion

  • Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors

  • Excellent written and verbal communication skills

  • Strategic thinker with strong analytical and problem-solving skills

  • Demonstrated project management and organizational skills, with strong attention to detail and the ability to respond quickly and positively to shifting demands

  • Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation

NY only: The estimated base salary range for this position is $110k to $135k at the time of posting.

The actual salary offered will depend on a variety of factors, including without limitation the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and, if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not eligible for overtime pay.

Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.

Simpson Thacher & Bartlett is committed to a collegial work environment in which all individuals are treated with respect and dignity. The Firm prohibits discrimination or harassment based upon race, color, religion, gender, age, national origin, citizenship status, disability, marital or partnership status, sexual orientation, protected veteran’s status or any other legally protected status. “Gender” includes actual or perceived sex, a person’s gender identity, self-image, appearance, behavior or expression, whether or not that gender identity, self-image, appearance, behavior or expression is different from that traditionally associated with the legal sex assigned to that person at birth. This Policy pertains to every aspect of an individual’s relationship with the Firm, including but not limited to recruitment, hiring, compensation, benefits, training and development, promotion, transfer, discipline, termination, and all other privileges, terms and conditions of employment.