Information Security Risk & Compliance Analyst

Ropes & Gray is a preeminent global law firm recognized for its excellence in various legal practices. The Information Security Risk & Compliance Analyst will assist in managing the firm’s data security, compliance, and risk management programs, supporting initiatives related to information security and privacy.ResponsibilitiesAssist in maintaining the firm’s ISO 27001:2022 Information Security Management System, assist with SOC2 audit preparedness and SOC2 audit completion, and support additional compliance activities as neededSupport the firm’s initiatives to be at the forefront of GenAI and legal technology, reviewing vendor offerings and providing guidance on secure-by-design principals that meet or exceed industry standardsSupport monitoring of the firm’s policies and proceduresHelp coordinate vulnerability management activities with guidance from other team functional areasAssist in vendor risk management program tasksSupport responses to client audits, client RFPs, and related requestsHelp coordinate third party technical risk assessments and audit activitiesAssist in producing and maintaining information security documentation, including policies, procedures, standards, guidelines, and diagramsHelp assess potential items of risk and opportunities of vulnerability in the networkAssist in Change Management and architecture reviews of new and existing firm technologyParticipate in knowledge transfer sessions and training with senior team membersPromote a culture of information security across business units under guidanceLearn about the role of systems and technology within the firm and their value to the businessPursue relevant security certifications and attend industry seminars and continuing education events as assignedPerform other related duties as assignedSkillsBachelor of Science in a technology-related discipline or 1-2 years of relevant experience1-2 years of experience in information security, IT risk management, or IT supportBasic knowledge of ISO 27001:2022 and risk management frameworks (ISO 27005, NIST, COBIT 5)Knowledge of SOCII audit criteria and proceduresBasic understanding of HIPAA and data security regulationsFamiliarity with Microsoft, Cisco, Unix/Linux, and mobile technologiesStrong written and oral communication skillsOrganized, responsive, and willing to learnSecurity certification (such as Security+, SSCP, or similar) preferred but not requiredBenefitsComprehensive health and well-being benefitsPersonal and professional developmentCareer growth opportunitiesA collegial and supportive cultureDiscretionary bonus based on performanceCompany OverviewRopes & Gray, a preeminent, global law firm, has been ranked in the top-three on The American Lawyer's prestigious "A-List" for eight consecutive years and listed on Law.com’s UK “A-List” for three years in a row. It was founded in 1865, and is headquartered in Boston, Massachusetts, USA, with a workforce of 1001-5000 employees. Its website is http://www.ropesgray.com/.Company H1B SponsorshipRopes & Gray LLP has a track record of offering H1B sponsorships, with 26 in 2025, 23 in 2024, 24 in 2023, 38 in 2022, 21 in 2021, 21 in 2020. Please note that this does not guarantee sponsorship for this specific role.



Apply To This Job