Information Governance Compliance Analyst

Join Cooley's dynamic Information Governance & Data Privacy team as an Information Governance Compliance Analyst.

Position summary: At Cooley, our Information Services (IS) team is dedicated to delivering exceptional customer service. The Information Governance Compliance Analyst will play a pivotal role in supporting our service-oriented mission, ensuring that technical and operational responsibilities align with our commitment to service excellence.

Position responsibilities:

• Perform internal and external audits to ensure adherence to industry regulations.
• Drive compliance initiatives to enhance operational effectiveness with applicable laws, regulations, and internal policies.
• Oversee compliance activities within designated IS areas, ensuring alignment with internal standards.
• Collaborate on the development and execution of new business initiatives to support compliance needs.
• Advise business units on compliance and security issues.
• Facilitate audit preparation activities, ensuring readiness for audit testing and timely resolution of findings.
• Conduct regular risk assessments and develop mitigation plans to support business goals.
• Perform formal risk assessment reviews to identify critical business exposure areas.
• Evaluate potential vendors for governance, risk, and compliance solutions.
• Maintain the firm's ISO 27001 certification.
• Manage governance, risk, and compliance tools for the firm.
• Respond to client requests for compliance-related assessments and audits.
• Assess vendor compliance with security policies and procedures.
• Develop and track metrics to gauge the effectiveness of governance, risk, and compliance initiatives.
• Monitor compliance with global privacy and security regulations.
• Evaluate adherence to established security frameworks, including ISO and NIST.
• Identify risks, threats, and vulnerabilities faced by the firm.
• Track risks and implement effective mitigation strategies.
• Engage in governance, risk, and compliance forums to gain insights for problem-solving.
• Assess and enhance the effectiveness of our internal security control framework.
• Communicate audit results and remediation progress to management.
• Conduct security risk assessments and provide recommendations to minimize risk.
• Perform additional duties as assigned.

Skills and experience:

Required:

• Availability for extended hours or travel as needed.
• Minimum of 3 years' experience in governance, risk and compliance (GRC), information security, and auditing; candidates with 5+ years are eligible for senior-level consideration.
• CISSP or equivalent certifications preferred.
• Strong understanding of compliance issues and information security practices.
• Experience with security controls, auditing, and network/system security.
• Familiarity with ISO 27001 or NIST compliance frameworks.
• Experience evaluating vendor security posture.
• Knowledge of incident management programs.
• Project management experience.

Preferred:

• Bachelor's degree in Information Technology or Computer Information Systems.
• Previous experience in a law firm.
• Certifications such as PCIP, ISA/QSA, CISA, CISM, and related GIAC.
• Experience in independent audit functions.
• Familiarity with GDPR, HIPAA, and SOC 2 audits.
• Additional security certifications.

Competencies:

• Exceptional customer service skills.
• Able to articulate technical concepts in business terms.
• Capable of meeting deadlines in a fast-paced environment while managing multiple projects.
• Strong analytical, problem-solving, and project management skills.
• Able to balance security best practices with business objectives.
• Proven decision-making skills, integrity, and collaboration with IS management and staff.
• Excellent oral and written communication skills.
• Detail-oriented with strong organizational abilities.
• Effective in working under pressure and meeting tight deadlines.
• Ability to engage with all staff levels.
• Outstanding active listening skills.
• Motivated team player.
• Quick learner capable of grasping new concepts efficiently.
• Skilled in coordinating with multiple teams to achieve objectives.
• Effective in independently solving problems and managing various tasks.
• Professional demeanor at all times.

Cooley offers competitive compensation and an excellent benefits package, demonstrating our commitment to fair and equitable employment practices.

The expected annual pay range for this position is $88,000 - $124,000, with final offers determined by geographic location, experience, and skills. Senior candidates may qualify for a higher salary range.

We provide a comprehensive range of elective benefits, including medical, dental, and vision coverage; health savings accounts; flexible spending accounts; life insurance; paid time off; and generous parental leave. New employees will undergo a detailed benefit orientation to explore our extensive resources.