Security Risk & Compliance Assistant

The Security Risk and Compliance Assistant’s primary responsibility is to coordinate the Firm’s security compliance efforts and support the Firm’s overall information security program in collaboration with other key stakeholders in the Firm. Reporting to the Firm’s Security Risk and Compliance Analyst, the assistant will have a range of responsibilities to assist with the Firm’s interaction and compliance with client-directed security controls, the Firm’s internal security governance and compliance efforts, and furtherance of the Firm’s information security initiatives to satisfy to the Firm’s ethical, legal and contractual obligations.

JOB RESPONSIBILITIES:

• Provide administrative assistance to the Security Risk & Compliance Analyst to coordinate and execute projects designed to manage and reduce risk for the firm and its clients.


• Assist Security Risk & Compliance Analyst in maintaining files related to risk management and compliance functions and identifying, tracking, and mitigating risks related to firm and client information.


• Assist Security Risk and Compliance Analyst to develop, maintain, evaluate, and implement policies and procedures in line with business requirements and national and international legislative and regulatory changes (i.e., ISO 27001/22301, HIPAA, NIST).


• Assist with maintaining an inventory of security improvement opportunities and action items; prepare periodic reports on trends and compliance.


• Assist with status reports on security matters to develop security risk analysis exceptions.


• Assist with security and risk management audits, assessments, and mitigation plans.


• Assist with the creation and maintenance of security and risk management documentation, including policies, procedures, internal risk assessments, risk registries, and similar tracking documents.


• Assist with security risk management programs such as access management, vulnerability management, business continuity, data protection, and risk governance.


• Assist with third-party vendor risk management program.


• Other duties, as assigned, are based on the ongoing evolution of the Information Security program.

KNOWLEDGE, SKILLS, AND ABILITIES:

• Proficiency with Microsoft Office Suite 365 (Word, Excel, Power Point, etc.).


• Ability to learn and adopt to innovative technology and software packages specific to Governance Risk & Compliance.


• Willing to learn department specific databases or software as necessary (e.g., Vendor Risk Management and project tracking software).


• Bachelor’s degree with a cyber risk or cybersecurity focus or a combination of a cyber-security certificate from an accredited two year college program at least two years o of office clerical or general office experience required


• Foundational understanding of Information Security controls, governance principles, and standards/frameworks (e.g., NIST Cybersecurity Framework and the Health Insurance Portability and Accountability Act (HIPAA).


• A passion for learning about Information Security in the legal industry.


• Ability to always provide Distinctively Robinson Bradshaw service to all internal and external clients.


• Actively participates as a member of a team to move forward toward the completion of team goals.


• Demonstrate good critical thinking, analytical, and critical thinking skills, and ability to share constructive insights.


• Works effectively and cooperatively with others; establishes and maintains good working relationships.


• Ability to communicate effectively both verbally and in writing.


• Ownership, accuracy, and thoroughness of work product; work must be complete and organized.


• Strong ethical standards and a commitment to maintaining confidentiality and integrity in all activities.


• Must be able to travel as needed to support remote offices and attend training or conferences.


• Ability to work in a hybrid environment remotely and regularly in the office.).