Company Name Marshall Dennehey Warner Coleman & Goggin, P.C.
The law offices of Marshall Dennehey Warner Coleman & Goggin, a leading insurance defense firm, is seeking an Information Security Analyst for its Philadelphia, PA office with 3+ years of experience.
Industry: Law Practice
Employment Type: Full-time
Job Functions: Information Technology
This job is in compliance with Philadelphia’s Fair Chance Hiring Law.
The Information Security Analyst position is responsible for monitoring the IT security environment to immediately detect, verify and respond swiftly to cyber threats, e.g. vulnerability exploitation, malware, cyber-attacks, etc. Working in conjunction with various IT infrastructure & Operations personnel, this position will be a key contributor in executing the IT Security strategy, Security roadmap and formulation of the Security process relative to threat intelligence, security monitoring, security automation, security awareness as it pertains to security monitoring, intrusion detection/prevention, endpoint security, Third Party Security Assessment, compliance, IAM and SIEM.
- Manage responses for all Marshall Dennehey’s clients’ cyber security risk assessments
- Coordinate with IT management and firm stakeholders to obtain guidance and requested responses for the firm’s third party cyber assessments
- Review assessment results for vulnerabilities, gaps and control deficiencies; establish plans for a sustainable resolution
- Document results of assessments and verification activities; lead remediation efforts if necessary
- Validate effectiveness of current security controls and identify potential gaps
- Determine potential impact of detected gaps and translate that into a risk assessment within the established security and cyber framework
- Create a third party cyber assessment response guidebook based on responses curated from submitted cyber security risk assessments
- Produce and maintain metrics based on cyber security assessment
- Work closely with the Project Manager ensuring security controls are factored into all projects
- Ensure the firm meets its security compliance requirements via ensuring monthly, quarterly, and annually scheduled security related tasks are conducted
- Develop and maintain vendor security assessment program
- Identify and implement tools to baseline activity and alert or limit suspicious activity and insider threat among networks, databases, data and users
- Assist in the selecting, implementing and managing of systems, tools, and processes that will keep the firm at the leading edge of security. This includes a continually-evolving inventory of gaps to be mitigated and formulation of a proactive strategy to evaluate and implement mitigating technologies
- Continuously remain current on emerging security threats and technologies
- Assist in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)
- Enforces security policies and procedures by administering and monitoring security profiles, reviews security violation reports and investigates possible security exceptions, updates and maintains and documents security controls
- Prepare status reports on security matters to develop security risk analysis scenarios and response procedures
- Other duties as assigned
KNOWLEDGE, ABILITIES AND SKILLS:
- 3+ years of IT networking or security industry experience
- Experience with Cyber Risk Assessments
- Experience with Vulnerability Scans and Penetration Test
- Prior experience with Compliance and Audits
- Strong analytical and problem solving skills
- Excellent communication, presentation and public speaking skills
- Skilled in organization and time management
- Critical thinking and decision making
Need Cyber Security Training?
- Introduction to Cybersecurity Tools & Cyber Attacks by IBM
- Financial Markets by Yale University
- International Cyber Conflicts from the State University of New York
- Business Foundations by University of Pennsylvania
WORK EXPERIENCE REQUIRED:
- 2+ Years Proven Experience as an Information Security Analyst
- Experience with Firewalls, Switches, MFA, IDS/IPS, DLP and other Information Security Tools
- BS/BA In Cyber Security, Computer Science, Engineering, or Relevant Field
- Comfortable with ambiguity and fast change with an ability to adapt as needed
- Security Certifications preferred (e.g. SSCP / CISSP or CISM)
Firm offers a sound future, competitive salary, and an excellent benefits package.
Qualified candidates should submit cover letter, resume and salary requirement to HRRecruiter@MDWCG.com for consideration.
We are an Equal Opportunity Employer AA/M/F/D/V.