The New York office of an elite Global Law Firm is looking to hire an experienced Information Governance Analyst to join the Electronic Information Governance Department. The Information Governance Analyst provides day to day services in support of Firm and client needs, assuring electronic information is secured and monitored, and IS compliance objectives are met. The Information Governance Analyst will report to the Electronic Information Governance Director and work closely with lawyers and business professionals throughout the firm.
Responsibilities
Provide services relating to governance and assurance for handling of the Firm's electronic information, including:
Review of client guidelines ("outside counsel guidelines") as they relate to information security and management, and coordinate with various teams to ensure compliance with requirements
Review and assessment of third parties with privileged access to Firm and client information
Review and assessment of new products/workflows from an information governance perspective, with associated recommendations to maximize security and compliance with Firm practices
Responding to information security assessments requested by clients, and support of client audits of Firm systems
Support of the Firm's continued ISO 27001 and 27701 certification via collection of evidence, participation in relevant audits, and other supporting processes
Assistance with Firm data privacy initiatives, including upkeep of Firm data maps, DPIA, data subject requests, etc.
Assess handling of matter-specific information within the Firm, including:
Periodic reviews of business units that administer logical access controls
Periodic reviews of privileged access groups
Review and monitor sensitive data flows to ensure requirements are legitimate
Monitoring and management of Firm data loss prevention ("DLP") technologies, with investigation as appropriate
Implementation of legal holds and management of legal hold systems, processes, and data
Coordination of data collection from internal systems in support of internal groups
Coordination of data transfers for incoming and outgoing attorneys
Assist with other information governance and compliance needs for the Firm and clients as needed
Requirements
Expertise in the principles and best practices of information governance and assurance
Experience responding to internal and external client IT audits
Experience with M365 including Purview eDiscovery, Purview Information Protection, and associated best practices
Broad knowledge of compliance tools, processes and GRC field in general
Experience with writing policies and procedures
Knowledge of relevant laws and best practices relating to data privacy and information assurance
Able to handle multiple projects and priorities simultaneously with professionalism, client service orientation, attention to detail, and sense of urgency
Superior writing and verbal communication skills
Superior analytical and problem-solving abilities
Ability to independently apply aforementioned skills to issues and initiatives
Bachelor's degree required
At least 6 years direct experience working in information governance and experience in a mature, high-performing professional organization
Information assurance, compliance, and M365 certifications preferred. Examples include CISA, CISSP, CISM, CGEIT, etc.
Work Requirements
On site during normal working hours (hybrid work environment)
Availability when necessary outside of normal working hours as required to complete high priority work