Information Security Risk Management (ISRM), Business Information Security Officer - Legal Business Unit is seeking a results-driven, collaborative, self-motivated professional who combines information security knowledge, IT Audit skills and proactive leadership for the position of Senior Information Security Analyst.
The Business Information Security Officer (BISO) teams have overall responsibility for ensuring information security of products and services provided by the business units to our external customers. The Legal BISO team focuses on the Legal Business Unit and its customers, which are generally segmented into law firms, general counsel, and government. This group is involved in answering customer security questionnaires, assisting with product-specific security contract language, talking with customers who have security questions about the products they are purchasing, and coordinating customer audits. In addition to product security, the BISO teams help promote, drive and support ISRM goals and enterprise programs to the business, which include things like security awareness, incident response, application code scanning, policy compliance, etc.
- Coordinating and executing assessments between the internal stakeholders and external audit partners.
- Coordinating work across teams within and outside Legal Technology to achieve project deliverables and goals.
- Leading and monitoring progress on multiple projects relative to schedules and deliverables.
- Communicating and reporting status and audit findings to peers and management and all other relevant individuals and groups.
- Developing or contributing to business cases that include Information Security Assessments.
- Reviewing and assessing information prior to providing it to the auditors.
- Participating in the post-audit work, including coordination of responses and remediation efforts.
- Assisting the sales, legal, and ISRM teams during contract review to assess and provide guidance on contract language related to security concerns.
- Coordinating Customer Security Questionnaire process between the internal stakeholders.
- Coordinating work across teams within and outside Legal Tech to achieve a high level of accuracy and fast turnaround.
- Communicating and reporting status to peers and management and all other relevant individuals and groups.
- Developing or contributing to process improvements.
- Reviewing Subject Matter Expert responses to confirm accuracy.
- Partnering with product teams to understand security controls within the product and providing guidance to product teams to ensure compliance with our policy, customer requirements, and regulatory requirements.
- Understanding product architecture and data flows of products in the Legal BU.
Education and Experience:
- Bachelor’s degree in computer science, business or equivalent experience
- 5+ years of relevant experience, with experience in a technical field preferred, OR 3+ years of IT Security Audit experience.
- Experience with information security projects or audits and understanding of information security-related processes and controls.
- Working knowledge of one or more security assessment standards such as PCI, HIPAA, ISO 27001/9001, and SOC2 attestations.
- Technical background, or ability to understand technical requirements
- Effective within a highly matrixed business environment
- Broadly focused and able to manage multiple efforts concurrently
- Works independently while maintaining alignment and overall direction
- Ability to work effectively with all levels of the organization, including staff, business stakeholders, and all levels of management
- Strong written and verbal communication skills, including with Executive audiences
- Ability to learn quickly and immediately apply new knowledge
- Work with information security staff to understand the current information security risk, compliance, and remediation landscape, reporting and analysis architecture, and the use of associated tools and techniques
- Good organizational skills, including prioritization and time management.
Preferred or Desired Qualifications:
- Information Security certification (CISA, CIA, CISSP)
- Broad knowledge of Legal BU Products, Content systems, and Thomson Reuters Content