Information Security Risk & Compliance Analyst

Ropes & Gray is a preeminent global law firm. The information security risk & compliance analyst assists in managing and executing the firm’s data security, compliance, and risk management programs while promoting a culture of information security throughout the organization.ResponsibilitiesAssist in maintaining the firm’s ISO 27001:2022 Information Security Management System, assist with SOC2 audit preparedness and SOC2 audit completion, and support additional compliance activities as neededSupport the firm’s initiatives to be at the forefront of GenAI and legal technology, reviewing vendor offerings and providing guidance on secure-by-design principals that meet or exceed industry standardsSupport monitoring of the firm’s policies and proceduresHelp coordinate vulnerability management activities with guidance from other team functional areasAssist in vendor risk management program tasksSupport responses to client audits, client RFPs, and related requestsHelp coordinate third party technical risk assessments and audit activitiesAssist in producing and maintaining information security documentation, including policies, procedures, standards, guidelines, and diagramsHelp assess potential items of risk and opportunities of vulnerability in the networkAssist in Change Management and architecture reviews of new and existing firm technologyParticipate in knowledge transfer sessions and training with senior team membersPromote a culture of information security across business units under guidanceLearn about the role of systems and technology within the firm and their value to the businessPursue relevant security certifications and attend industry seminars and continuing education events as assignedPerform other related duties as assignedSkillsBachelor of Science in a technology-related discipline or 1-2 years of relevant experience1-2 years of experience in information security, IT risk management, or IT supportBasic knowledge of ISO 27001:2022 and risk management frameworks (ISO 27005, NIST, COBIT 5)Knowledge of SOCII audit criteria and proceduresBasic understanding of HIPAA and data security regulationsFamiliarity with Microsoft, Cisco, Unix/Linux, and mobile technologiesStrong written and oral communication skillsOrganized, responsive, and willing to learnSecurity certification (such as Security+, SSCP, or similar)BenefitsComprehensive health and well-being benefitsPersonal and professional developmentCareer growth opportunitiesA collegial and supportive cultureCompany OverviewRopes & Gray, a preeminent, global law firm, has been ranked in the top-three on The American Lawyer's prestigious "A-List" for eight consecutive years and listed on Law.com’s UK “A-List” for three years in a row. It was founded in 1865, and is headquartered in Boston, Massachusetts, USA, with a workforce of 1001-5000 employees. Its website is http://www.ropesgray.com/.Company H1B SponsorshipRopes & Gray LLP has a track record of offering H1B sponsorships, with 26 in 2025, 23 in 2024, 24 in 2023, 38 in 2022, 21 in 2021, 21 in 2020. Please note that this does not guarantee sponsorship for this specific role.



Apply To This Job