Aderant is seeking an IT Security & Compliance Analyst.
Aderant is a global industry leading software company providing comprehensive business management solutions for law firms and other professional services organizations with a mission to help them run a better business. We are motivated by a collective desire to drive the legal industry to the forefront of innovation. With over 2,500 clients around the world, including 95 of the top AmLaw 100 firms, we are changing the outside perception of the legal sphere; where there was once resistance to modernization, we are creating a culture that embraces new ideas and technology.
At Aderant, the “A” is more than just a letter. It is a representation of how we fulfill our foundational purpose, serving our clients. It embodies our core values and reminds us that to achieve success, every day must start with the “A”. We bring the “A” to life by fostering a culture of innovation, collaboration, and personal growth. We encourage our diverse teams to bring their whole selves to work – ideas, experience, and passion – to drive our mission forward. Our people are our strength.
Role DescriptionUnder the guidance and oversight of the Manager, Cybersecurity & Compliance the Information IT Security & Compliance Analyst will work with stakeholders, including IT, Cloud Operations, Business, Product, Sales, and Software Development team members to enhance security controls and mitigate risks. You will be responsible for supporting governance, risk, and compliance activities along with participating in projects designed to reduce overall risk to the organization. The ideal candidate is passionate about information security technology and the opportunity to play a foundational role in a highly respected team, is self-motivated, and has excellent project management and communication skills.
Qualifications 2 to 5 years of relevant experience in an Information Security or Compliance roleThe ability to identifies opportunities to reduce risk, detect and remediate vulnerabilities and ensure compliance and audit readiness.Experience with industry and regulatory frameworks and standards, including but not limited to: ISO 27001 and 27002, PCI DSS, NIST Cyber Security Framework (CSF), , Center for Internet Security (CIS) Top 20 Critical Security Controls (CSC), General Data Protection Regulation (GDPR) articles and recitals, and/or California Consumer Privacy Act (CCPA).Understanding of or experience with AICPA SOC 1 controls and SOC 2 Trust Services Criteria.Basic technical understanding of cloud service platforms (AWS, Azure, etc.)Strong Microsoft Suite skills specifically Excel, Power Point, and TeamsExperience with GRC, identity, and audit solutions (OneTrust)Strong communication and collaborative skillsStrong analytical skills and the ability to understand and document complex business process data flows.The ability to work on multiple projects in parallel.Professionalism, attention to detail, strong organizational skills, team-focus, dedication, resourcefulness, and an eagerness to learn.Multi-tasking and time management skillsThe ability to mentor and oversee the work of other analystsPreferred Qualifications:
Supporting certifications (e.g., CISA, CRISC, CISSP)Experience with Security Awareness Training Platforms such as KnowBe4Experience with Third Party Governance platforms (Archer, Prevalent, Privva)Experience with Ticketing systems such as Jira Responsibilities Manage compliance assurance program ensuring that control requirements are documented, and processes exist to validate the effectiveness of such controlsCollaborate with cross-functional teams to gather compliance artifacts to fulfill internal and external requirements and obligationsEvaluate artifacts to validate that they meet control requirementsManage and facilitate third party risk assessment program, ensuring that all business partners meet Aderant security and compliance requirementsEnsure security risk assessment questionnaires are relevant and updated as neededFacilitate with third parties on the completion of risk assessment questionnairesCollection and review of vendor security questionnaire responses, artifacts, and attestationsPerform analysis of responses, document risks, communicate risks to internal stakeholders, and work with vendors to track remediation of risks to an acceptable levelAssists with the completion of annual enterprise security risk assessment processesEvaluate processes and controls to ensure they meet security and compliance requirementsParticipate in efforts to achieve compliance / certifications such as ISO-27001, SOC1/SOC2 and PCI-DSS certificationFacilitate risk assessments with internal stakeholdersCoordinate and respond to clients, auditors, and external parties regarding the IT control environment and routine audits and assessments.Coordinate with internal and external audit teams, as needed, to fulfill regulatory requirements and obligations.Track and report on risks identified from penetration tests, internal assessments, external assessments, source code scans, and vulnerability scans. Use strong collaboration to ensure risks are remediated in a timely mannerAssist with the remediation of IT control deficiencies and vulnerabilities by investigating the root cause, partnering with other team members on documenting action plans, and closely following up until remediation.Participate in the coordination of the Information Security Awareness and training program including the creation of security advisories, the facilitation of training programs, and the facilitation of simulated phishing campaignsAids in the review and update policies, standards, and procedures to ensure they accurately reflect business requirements and align to industry leading security practicesPerform special projects as assigned, while effectively managing time with competing prioritiesAssists with the formulation and distribution of information security metrics and dashboards that demonstrate security coverage and remediation effectiveness. Options Apply for this job onlineApplyShareEmail this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed Application FAQsSoftware Powered by iCIMS
www.icims.com