Senior Analyst, Information Security

Job Description

We are a global law firm with a powerful strategic focus and real momentum. Our industry-focused strategy is seeing us take on pioneering work in places that others have yet to reach. Our shared values define our culture and our workplace. You will find us to be unusually collegial, team-oriented, and ready to innovate. We work seamlessly across practices, offices and around the world. This elimination of boundaries has allowed us to evolve into a law firm that works as hard for its culture as it does for its clients.

The Senior Information Security Analyst is one of several such Analyst roles in the firm. Each Analyst is responsible for assisting with the day to day operation of CISO office tasks. Analysts are also encouraged to participate in proactively identifying sources of vulnerability and threat.

The role will be part of a worldwide team that is empowered to operate the activities within their assigned function. Daily activities will focus heavily on request, event and incident management and direction will be provided by the Information Security Manager.

Norton Rose Fulbright is committed to the professional development of its staff. There will be significant development opportunities for the Senior Information Security Analyst role, both through on-the-job learning and targeted training. The CISO team also embrace a mentoring and meritocratic approach.

The success of this role is dependent upon building a lasting alignment between information security provisions and business requirements. In particular, the role must consider:

• The special requirements of the Firm with regard to client confidentiality, as well as regulatory requirements such as data protection.
• Achieving a balance between protecting the firm and ensuring that users can work effectively; being pragmatic but cognizant of risk.

Key Objectives:

• Ensure that the Firm has the requisite capability to investigate, prevent and remediate against security breaches, viruses and deviations from security procedures.
• Act as a technical expert in the security field with a solid understanding of Norton Rose Fulbright's Information Security infrastructure and act as its champion in relation to Information Security.
• Assist with Information Security monitoring and act as a technical point of escalation for any alerted issues.
• Manage the global Information Security incident / request queue.
• Assist with a program of educational, procedural and technical improvements aligned with the Information Security Management System.
• Assist with the management of technical controls defined within the Information Security Management System.

Responsibilities include, but are not limited to:

• Act as a champion for Information Security best practice and policies.
• Act as an intermediate escalation point and technical mentor for other members of the analyst team.
• Operate and manage security incidents and requests to SLA guidelines.
• Review, action, and escalate, any unusual event behavior identified.
• Assist with development and maintenance of the Firm-wide security infrastructure configuration, policies and procedures, identifying improvements to procedures, and reporting on incidents.
• Actively promote security governance in support of the Information Security policies, to ensure appropriate measures are taken to secure the Firm's confidentiality and integrity.
• Encourage cooperative working with all business functions to achieve shared goals, ensuring skills transfer and technical security awareness within the teams. This includes writing process documents and conducting training.
• Work cooperatively with project teams to ensure that new project and changes adhere to Information Security policies and governance standards.
• Identify threats and vulnerabilities.
• Keep a technical industry awareness of security risks and exposures and proactively promote effective counter-measures.
• Configure appropriate security parameters in monitoring systems and act as a technical point of escalation for any alerted issues.
• Perform document reviews and privileged account reviews.

Experience / Skills:

• Technical bachelor's degree or equivalent IT / Information Security experience (required).
• At least 5 years' experience working within Information Security infrastructure or vocation to move from another technical discipline.
• Proven ability to adapt quickly to emerging threats or new information, shifting focus as needed.
• Demonstrated expertise in Microsoft 365 Defender and Azure Sentinel for detecting, investigating, and responding to suspicious behaviors and anomalous activities.
• Familiarity with endpoint security solutions and security infrastructure, including EDR, vulnerability management tools, DLP solutions, and removable media encryption.
• Working knowledge of cloud based web and email filtering solutions such as , Zscaler, Mimecast, Proofpoint, or Cisco. Experience with securing cloud environments (AWS, Azure, GCP), including configuration management, identity and access controls, monitoring, and incident response.
• Familiarity with cloud security tools (e.g., Microsoft Defender for Cloud, AWS Security Hub), and cloud compliance frameworks (e.g., CIS, CSA CCM) is highly desirable. Experience with security automation and orchestration, including the use of scripting languages (such as PowerShell or Python) and SOAR platforms to streamline incident response, automate repetitive tasks, and enhance overall security operations.
• Strong knowledge of security technologies (e.g., firewalls, IDS/IPS, EDR, SIEM).
• Security-related certification e.g. CompTIA Security+, GSEC, CISSP, CISA, CCSP (preferred).
• Good understanding of security frameworks such as ISO 27001, NIST, Mitre (preferred).
• Experience of introducing Information Security improvement through effective deployment of technology and / or processes to move to a proactive footing in security management or demonstrating similar in current technical discipline.
• Ability to triage and remediate phishing and impersonation attacks in a timely and efficient manner as the risk dictates.
• Experience working with a service management tool.
• Familiarity with legal tech platforms (e.g., iManage, Relativity, NetDocuments) is a plus.

Personal Attributes:

• Keen sense of responsibility, ability to set a professional example and desire to adhere to defined security practices.
• Strong technical security understanding.
• Self-motivated and able to work calmly and methodically under pressure.
• Excellent interpersonal skills, exceptional levels of personal integrity and the ability to communicate clearly at all levels through reports, presentations and forming effective matrixed relationships.
• Skilled in applying an agile approach to task management, ensuring responsiveness to dynamic risk landscapes.
• Cooperative, service-orientated, individual and established team worker, comfortable working in a geographically dispersed team.
• Good judgement when it comes to confidentiality and sensitivity of information of which they may become aware through the course of their duties.
• Adaptable and keen to learn new skills.

The Team:

The scope of the Information Security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. The Information Security team operates a number of security solutions directly, such as anti-malware solutions, Internet security proxy servers, and the vulnerability scanning platform, and rely on other departments (IT service delivery, HR, Facilities) to operate all other security controls.

The Information Security team is responsible for ensuring the overall effectiveness of the control framework and managing security incidents. The team work with unified principles and processes around the world while maintaining regional stakeholder relationships. They adhere to the international standard ISO 27001, and report to the Firm's CISO.

Norton Rose Fulbright US LLP is committed to providing employees with a comprehensive and competitive benefits package that supports you, your health, and your family. Benefit packages include access to three medical plans, dental, vision, life, and disability insurance. Employees can also access pre-tax benefits such as health savings and flexible spending accounts. Norton Rose Fulbright helps provide financial security by allowing employees to participate in a 401(k) savings plan and profit-sharing plans if eligible. Full- time employees are eligible to access fertility benefits designed to support fertility and family-forming journeys.

In addition to the Firm's health and welfare benefits above, we offer a competitive paid time off plan, which provides a minimum of 20 days off based on your role and tenure with the firm. The firm offers a generous paid parental leave benefit allowing parents to take a minimum of 14 weeks of paid leave to bond with your newborn, or adopted child(ren). Employees are also entitled to 11 Firm holidays.

Norton Rose Fulbright US LLP is an Equal Opportunity Employer and complies with all applicable federal laws and their implementing regulations that require the collection and recording of certain data and information. The information we receive will not be used to make any decision regarding employment and will be kept separate from your application. Similarly, self-identification information is kept confidential and used only in accordance with applicable federal laws and regulations. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.Norton Rose Fulbright is committed to providing reasonable accommodation as an Equal Opportunity Employer to applicants with disabilities. If you require assistance or accommodation to complete your application, please contact us.hr@nortonrosefulbright.com. Please provide your contact information and a description of your accessibility issue. We will make a determination on your request for reasonable accommodation on a case-by-case basis.

E-Verifyis a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.

Equal Employment Opportunity