Latham & Watkins LLP Los Angeles, CA, USA
Jul 17, 2019
Latham & Watkins, a global law firm consistently ranked among the top firms in the world, is currently seeking a Cyber Security Compliance Analyst to join our winning team, located in our Global Services Office in downtown Los Angeles. The success of our firm is largely determined by our commitment to hire and develop the very best and brightest, creating a team that provides our clients with the highest quality of work and service. We are driven by our core values: respect, innovation and collaboration. The Cyber Security Compliance Analyst will receive a generous total compensation package. Bonuses are awarded in recognition of individual and firm performance. Eligible employees can participate in Latham's comprehensive benefit program including healthcare, life and disability insurance, flexible spending accounts, a 401k plan, and more! In addition, employees receive 10 paid holidays per year, and a PTO program that accrues 23 days during the first year of employment and grows with tenure. As a Cyber Security Compliance Analyst, you will be participating in the overall process related to client security audits, vendor security audits, and other security compliance activities (e.g., ISO 27001, penetration tests, other client responses, etc.). You will be working with the Cyber Security Compliance Manager and the Security Team to complete audit questionnaires and security-related sections of RFP responses, coordinate with 3rd parties to complete vendor reviews, and other security compliance tasks. In addition, you will also be responsible for the collection and organization of evidence for audits, project management of remediation items, and other compliance-related duties while accomplishing these and other critical functions: * Completing assigned client security reviews from intake through closure by identifying all necessary internal stakeholders based on the request, assembling relevant and appropriate documentation, and completing the appropriate forms and questionnaires required by Latham clients * Leading the vendor security audit process for assigned vendors including collection and review of submitted materials, follow-up of outstanding items, and drafting of summary reports * Maintaining relationships with 3rd party audit services both for our audits of vendors and those auditors working on behalf of our clients * Arranging penetration tests and vulnerability testing, scheduling tests and following up on results, delivering the results of internal and external system vulnerability scans, and arranging necessary internal follow-up to facilitate agreement and remediation of items * Reviewing team work for consistency and quality * Acting as a project manager for agreed security remediation efforts from client audits, vulnerability tests, vendor audits, etc. and ensuring successful disposition of each item * Assisting in creating reports and presentations for Senior Technology Management * Interfacing with staff throughout the firm to facilitate the efficient and secure use of Technology services * Preparing technical documentation and reports as required As a Cyber Security Compliance Analyst, you will be expected to apply your organizational and communication skills while displaying a positive, high-energy attitude. The successful Cyber Security Compliance Analyst must have experience in several of the following areas: business security practices and procedures, information security technologies, a variety of communication protocols and encryption techniques/tools, web services, and web security, including secure coding practices for web development, as well as an in-depth understanding of multiple frameworks. The Compliance Analyst must have the ability to communicate to both highly technical and highly business-oriented audiences, handle confidential and sensitive information with the appropriate discretion, and use independent judgment and discretion when making decisions. A Bachelor's degree in Information Systems, Computer Science, Engineering or related field is preferred. Five (5) years of Security and Technology Experience may be considered in lieu of a degree, and recognized security certification is preferred (e.g., CISA, CISSP). At least three (3) years of full-time work experience in IT audit or IT risk management with experience in performing security assessments, IT vendor risk assessments, and vulnerability management reviews is required. Qualified candidates are encouraged to apply by clicking the 'Apply Now' link. Latham & Watkins is an Equal Opportunity Employer. Our commitment to diversity, equal opportunity and sustainability enables Latham & Watkins to draw from a remarkable wealth of talent to create one of the world's leading law firms. Latham & Watkins LLP will consider qualified applicants with criminal histories in a manner consistent with the City of Los Angeles Fair Chance Ordinance. For information regarding family care and medical leave (CFRA), click here.