Information Security Communications Analyst - Major Law Firm (Remote)

The Analyst, Information Security Communications supports the Information Security Awareness Manager in implementing the Firm's information security awareness and training program, with a focus establishing and maintaining its ISO 27k awareness. The key to success in this position will be an ability to articulate and how security controls relate to business technology objectives. The primary function will be to support coordinated change management communications and training internal to the Technology divisions, promoting a common understanding of how to operationalize the Firm's technology processes and procedures. This position directly reduces information security risk by ensuring both the "how" and "why" of technology discipline (e.g., ISO 27k, NIST controls) are embedded into our culture.

As needed, this position will also support the PH Security Awareness Program Manager's efforts to drive a culture of security across the Firm. This position will support a broad set of activities, including: creating and communicating information security campaigns, alerts and communications; enforcing compliance with training requirements; communicating security policies to all personnel; communicating the value and impact of security controls within the Technology staff; and other tasks as assigned. The Analyst, Information Security Communications will also be responsible for regularly tracking and reporting related metrics.

The Analyst, Information Security Communications will support the Information Security Awareness Program Manager with the following:

• Standardize the understanding ofthe business value of ISO 27k / NIST security controls to the Firm's technology professionals;
• Train the Firm's technology professionals on current security control assessment practices;
• Advise on change management-related training and communications strategies for enhancing technology departments' process compliance;
• Continuously evaluate the effectiveness of existing information security training, education, and awareness program/activities;
• Mature and maintain the approach, goals, and objectives for the information security awareness and training program, including repeatable processes, reporting and metrics;
• Contribute to creating a culture of security by growing awareness, engaging users in security best practices, and reducing risky behaviors;
• Ensure that our information security awareness and training program communicates Firm security policies and requirements so that users know and understand them; and
• Collaborate with the information security team to identify areas of risk and develop targeted and roles-based information security training, education, and awareness activities.

In addition, the Analyst, Information Security Communications will be expected to have:

• A working knowledge of information security and risk mitigation principles, theories, and techniques in daily work;
• Demonstrated understanding and use of basic project management methodologies;
• Demonstrated experience with security controls, such as support for security reviews and audits;
• Excellent interpersonal skills with the ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel;
• Ability to communicate in a simple, clear, and concise manner to the various departments and personnel within the Firm;
• Creative thinking and understanding of audience to produce engaging materials in a variety of formats and media, including user guides;
• A high degree of independence, integrity and confidentiality;
• Demonstrated knowledge of NIST Cybersecurity Framework (CSF); and
• Exposure to ISO27001 certification requirements and/or certification maintenance.

Qualifications:

• Bachelor's degree (required); and
• At least 7 years' work experience in the Information Security sector.
• Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.