Ropes & Gray is a preeminent global law firm recognized for its excellence in various legal practices. The Information Security Risk & Compliance Analyst will assist in managing the firm’s data security, compliance, and risk management programs, supporting initiatives related to information security and privacy.
Responsibilities
- Assist in maintaining the firm’s ISO 27001:2022 Information Security Management System, assist with SOC2 audit preparedness and SOC2 audit completion, and support additional compliance activities as needed
- Support the firm’s initiatives to be at the forefront of GenAI and legal technology, reviewing vendor offerings and providing guidance on secure-by-design principals that meet or exceed industry standards
- Support monitoring of the firm’s policies and procedures
- Help coordinate vulnerability management activities with guidance from other team functional areas
- Assist in vendor risk management program tasks
- Support responses to client audits, client RFPs, and related requests
- Help coordinate third party technical risk assessments and audit activities
- Assist in producing and maintaining information security documentation, including policies, procedures, standards, guidelines, and diagrams
- Help assess potential items of risk and opportunities of vulnerability in the network
- Assist in Change Management and architecture reviews of new and existing firm technology
- Participate in knowledge transfer sessions and training with senior team members
- Promote a culture of information security across business units under guidance
- Learn about the role of systems and technology within the firm and their value to the business
- Pursue relevant security certifications and attend industry seminars and continuing education events as assigned
- Perform other related duties as assigned
Skills
- Bachelor of Science in a technology-related discipline or 1-2 years of relevant experience
- 1-2 years of experience in information security, IT risk management, or IT support
- Basic knowledge of ISO 27001:2022 and risk management frameworks (ISO 27005, NIST, COBIT 5)
- Knowledge of SOCII audit criteria and procedures
- Basic understanding of HIPAA and data security regulations
- Familiarity with Microsoft, Cisco, Unix/Linux, and mobile technologies
- Strong written and oral communication skills
- Organized, responsive, and willing to learn
- Security certification (such as Security+, SSCP, or similar) preferred but not required
Benefits
- Comprehensive health and well-being benefits
- Personal and professional development
- Career growth opportunities
- A collegial and supportive culture
- Discretionary bonus based on performance
Company Overview
- Ropes & Gray, a preeminent, global law firm, has been ranked in the top-three on The American Lawyer's prestigious "A-List" for eight consecutive years and listed on Law.com’s UK “A-List” for three years in a row. It was founded in 1865, and is headquartered in Boston, Massachusetts, USA, with a workforce of 1001-5000 employees. Its website is http://www.ropesgray.com/.
Company H1B Sponsorship
- Ropes & Gray LLP has a track record of offering H1B sponsorships, with 6 in 2026, 23 in 2025, 22 in 2024, 24 in 2023, 38 in 2022, 21 in 2021, 21 in 2020. Please note that this does not guarantee sponsorship for this specific role.