Ropes & Gray LLP

Information Security Risk & Compliance Analyst

Job Locations US-NY-New York | US-MA-Boston
ID 2025-8804

About Ropes & Gray

Ropes & Gray is a preeminent global law firm. The firm has been ranked in the top three on The American Lawyer's prestigious A-List for eight consecutive years and #1 on Law.com's UK A-List twice in the past three years - rankings that honor the "best of the best" law firms.

The firm has approximately 2,500 lawyers and professionals serving clients in major centers of business, finance, technology, and government in Boston, Chicago, Dublin, Hong Kong, London, Los Angeles, New York, Paris, San Francisco, Seoul, Shanghai, Silicon Valley, Singapore, Tokyo and Washington, D.C.

The firm has consistently been recognized for its leading practices in many areas, including asset management, private equity, M&A, finance, real estate, tax, antitrust, life sciences, health care, intellectual property, litigation & enforcement, privacy & cybersecurity, and business restructuring.

Ropes & Gray is an equal opportunity employer.

Overview

Reporting to the Director of Information Security, the information security risk & compliance analyst assists in the management and execution of the firm’s data security, compliance, and risk management programs. The position supports information security, privacy, compliance, and data governance initiatives and helps promote a culture of information security throughout the organization. The role requires a basic understanding of IT systems and security concepts, and a willingness to learn and grow in the field.

Responsibilities

ESSENTIAL FUNCTIONS:

  • Assist in maintaining the firm’s ISO 27001:2022 Information Security Management System and support compliance activities
  • Support the firm’s initiatives to be at the forefront of GenAI and legal technology, reviewing vendor offerings and providing guidance on secure-by-design principles that meet or exceed industry standards
  • Support monitoring of the firm’s policies and procedures
  • Help coordinate vulnerability management activities under supervision
  • Assist in vendor risk management program tasks
  • Support responses to client audits, client RFPs, and related requests
  • Help coordinate third party technical risk assessments and audit activities
  • Assist in producing and maintaining information security documentation, including policies, procedures, standards, guidelines, and diagrams
  • Help assess potential items of risk and opportunities of vulnerability in the network
  • Participate in knowledge transfer sessions and training with senior team members
  • Promote a culture of information security across business units under guidance
  • Learn about the role of systems and technology within the firm and their value to the business

OTHER RESPONSIBILITIES:

  • Pursue relevant security certifications and attend industry seminars and continuing education events as assigned
  • Perform other related duties as assigned

Qualifications

EDUCATION, EXPERIENCE AND SKILLS REQUIRED:

  • Bachelor of Science in a technology-related discipline or 1-2 years of relevant experience
  • 1-2 years of experience in information security, IT risk management, or IT support
  • Basic knowledge of ISO 27001:2022 and risk management frameworks (ISO 27005, NIST, COBIT 5)
  • Basic understanding of HIPAA and data security regulations
  • Familiarity with Microsoft, Cisco, Unix/Linux, and mobile technologies
  • Strong written and oral communication skills
  • Organized, responsive, and willing to learn
  • Security certification (such as Security+, SSCP, or similar) preferred but not required

ESSENTIAL CAPABILITIES:

  • Ability to relate to non-technical users in user-friendly language
  • Ability to understand technical implications of security threats with guidance
  • Ability to manage multiple tasks and prioritize under supervision
  • Ability to maintain confidentiality of internal and personnel affairs
  • Ability to work well with others and contribute to team spirit
  • Self-motivated and eager to develop professionally
  • Ability to work in a multi-office environment and willingness to travel as required
  • Ability to work effectively in a culturally and educationally diverse environment

Compensation and Total Rewards Package

Ropes & Gray is proud to offer a comprehensive Total Rewards package to our business support team members. The firm also offers comprehensive health and well-being benefits, personal and professional development, career growth opportunities and a collegial and supportive culture. The anticipated pay range for this role is listed below and represents our good faith and reasonable estimate of the starting salary range at the time of posting. In addition, this role is eligible for a discretionary bonus based on performance. The actual offered rate for this position will be determined based on job-related, non-discriminatory factors, including qualifications and experience, geographic location, education, external market data and consideration of internal equity.

 

  • Boston: $81,000 - $123,550
  • New York: $84,900 - $129,450

Working Conditions

This position requires hybrid on-site presence as an essential function of the role. Consistent and predictable on-site presence is required for ongoing business continuity, professional development and effective collaboration with colleagues and management.

Normal office environment. Incumbent is expected to work the hours necessary to fulfill the responsibilities of the position. Periodic travel may be required.
