This is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. With a strong presence throughout Asia, Europe, Latin America, and the U.S., we have the global reach and extensive capabilities to provide personalized service wherever our clients’ needs take us. As one of the world’s leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.
The Firm has a range of diversity initiatives including our firm (PHANs), Women’s Initiative, and PH Balanced. These initiatives provide a firmwide forum to share experiences, as well as an opportunity to participate in a supportive network with common interests to help make life at the firm more inclusive. Learn more about our Global Diversity, Inclusion and Wellness Initiatives
Responsibilities Duties:
We have an opening for a Senior Coordinator, Cyber Security Controls.
The Senior Coordinator, Cyber Security Controls will support the completion of compliance-related data requests from Firm clients to assess security policies and procedures and support Third Party Risk Assessment efforts. The Coordinator will support the Firm’s response to internal stakeholders and clients regarding security controls policy, processes, and procedures implemented for systems and applications, as well as support the Firm’s Third Party Risk Management (“TPRM”) function. This position requires strong communication skills, initiative, attention to detail and the ability to learn quickly.
In this capacity, the Cyber Security Controls Senior Coordinator will:
Review, understand and apply the Firm’s current cybersecurity program framework and relevant policies;
Complete external information security assessments, support status tracking of Client and TPRM assessments, and provide reporting to appropriate stakeholders (Client InfoSec Assessments and TPRM);
Support the Governance and Risk team in coordinating efforts relating to the development and execution of Controls, Risk and TPRM initiatives (e.g., Client InfoSec Assessments and TPRM surveys and risk assessment tasks);
Inventory, build and maintain the InfoSec and Governance and Risk artifact library (e.g., policies, standards, procedures, processes and guidelines);
Coordinate with external assessors and internal subject matter experts to address Governance and Risk inquiries;
Maintain an inventory of artifacts and risk assessment information for the TPRM document repository and the risk register;
Execute TPRM inquiries in the event of high or critical National Vulnerability Database (“NVD”) or Client notifications;
Assist in further defining the process for completing information security control and TPRM assessments;
Support metrics and reporting of the Information Security Program through the collection and analysis of security control effectiveness measures;
Develop and maintain the status tracking related to findings from information security assessments;
Contribute to the creation of security related processes and procedures and relevant documents;
Work with InfoSec Directors and Managers to report on the existing information security program and ongoing security projects that address information security risks and compliance requirements;
Manage competing deadlines and multiple external inquiries using effective organizational skills and attention to detail as demonstrated by prior work experience; and
Support various ad hoc projects across the InfoSec team (e.g., program enhancements, process improvements, and other functions).
Key Skills:
At least three years of combined information technology and information security experience;
Fundamental understanding of multiple risk management concepts, frameworks, and standards (CSC, NIST, ISO, COBIT);
Demonstrated experience with the NIST Cybersecurity Framework and auditing security controls identified in NIST SP800-171 and NIST SP800-53A;
Experience working with internal and external auditing firms;
Fundamental understanding of information security concepts and technologies; and
Fundamental knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
Experience Qualifications:
A minimum of 4+ years professional work experience; and