Looking to hire an experienced Information Governance Analyst to join the Electronic Information Governance Department. The Information Governance Analyst provides day to day services in support of Firm and client needs, assuring electronic information is secured and monitored, and IS compliance objectives are met. The Information Governance Analyst will report to the Electronic Information Governance Director and work closely with lawyers and business professionals throughout the firm. 

 

Principal Duties and Responsibilities:

• Provide services relating to governance and assurance for handling of the Firm's electronic information, including:
• Review of client guidelines ("outside counsel guidelines") as they relate to information security and management, and coordinate with various teams to ensure compliance with requirements
• Review and assessment of third parties with privileged access to Firm and client information
• Review and assessment of new products/workflows from an information governance perspective, with associated recommendations to maximize security and compliance with Firm practices
• Responding to information security assessments requested by clients, and support of client audits of Firm systems
• Support of the Firm’s continued ISO 27001 and 27701 certification via collection of evidence, participation in relevant audits, and other supporting processes
• Assistance with Firm data privacy initiatives, including upkeep of Firm data maps, DPIA, data subject requests, etc.
• Assess handling of matter-specific information within the Firm, including:
  • Periodic reviews of business units that administer logical access controls 
  • Periodic reviews of privileged access groups
• Review and monitor sensitive data flows to ensure requirements are legitimate
• Monitoring and management of Firm data loss prevention ("DLP") technologies, with investigation as appropriate
• Implementation of legal holds and management of legal hold systems, processes, and data
• Coordination of data collection from internal systems in support of internal groups
• Coordination of data transfers for incoming and outgoing attorneys
• Assist with other information governance and compliance needs for the Firm and clients as needed
• Expertise in the principles and best practices of information governance and assurance
• Experience responding to internal and external client IT audits
• Experience with M365 including Purview eDiscovery, Purview Information Protection, and associated best practices
• Broad knowledge of compliance tools, processes and GRC field in general
• Experience with writing policies and procedures
• Knowledge of relevant laws and best practices relating to data privacy and information assurance
• Able to handle multiple projects and priorities simultaneously with professionalism, client service orientation, attention to detail, and sense of urgency
• Superior writing and verbal communication skills
• Superior analytical and problem-solving abilities
• Ability to independently apply aforementioned skills to issues and initiatives 

Education and Experience:

• Bachelor's degree required
• At least 6 years direct experience working in information governance and experience in a mature, high-performing professional organization
• Information assurance, compliance, and M365 certifications preferred. Examples include CISA, CISSP, CISM, CGEIT, etc.

Salary:
$150 - 160K