Information Security Risk & Compliance Analyst

Ropes & Gray is a preeminent global law firm recognized for its excellence in various legal practices. The Information Security Risk & Compliance Analyst will assist in managing the firm’s data security, compliance, and risk management programs, supporting initiatives related to information security and privacy. Responsibilities Assist in maintaining the firm’s ISO 27001:2022 Information Security Management System, assist with SOC2 audit preparedness and SOC2 audit completion, and support additional compliance activities as needed Support the firm’s initiatives to be at the forefront of GenAI and legal technology, reviewing vendor offerings and providing guidance on secure-by-design principals that meet or exceed industry standards Support monitoring of the firm’s policies and procedures Help coordinate vulnerability management activities with guidance from other team functional areas Assist in vendor risk management program tasks Support responses to client audits, client RFPs, and related requests Help coordinate third party technical risk assessments and audit activities Assist in producing and maintaining information security documentation, including policies, procedures, standards, guidelines, and diagrams Help assess potential items of risk and opportunities of vulnerability in the network Assist in Change Management and architecture reviews of new and existing firm technology Participate in knowledge transfer sessions and training with senior team members Promote a culture of information security across business units under guidance Learn about the role of systems and technology within the firm and their value to the business Pursue relevant security certifications and attend industry seminars and continuing education events as assigned Perform other related duties as assigned Skills Bachelor of Science in a technology-related discipline or 1-2 years of relevant experience 1-2 years of experience in information security, IT risk management, or IT support Basic knowledge of ISO 27001:2022 and risk management frameworks (ISO 27005, NIST, COBIT 5) Knowledge of SOCII audit criteria and procedures Basic understanding of HIPAA and data security regulations Familiarity with Microsoft, Cisco, Unix/Linux, and mobile technologies Strong written and oral communication skills Organized, responsive, and willing to learn Security certification (such as Security+, SSCP, or similar) preferred but not required Benefits Comprehensive health and well-being benefits Personal and professional development Career growth opportunities A collegial and supportive culture Discretionary bonus based on performance Company Overview Ropes & Gray, a preeminent, global law firm, has been ranked in the top-three on The American Lawyer's prestigious "A-List" for eight consecutive years and listed on Law.com’s UK “A-List” for three years in a row. It was founded in 1865, and is headquartered in Boston, Massachusetts, USA, with a workforce of 1001-5000 employees. Its website is Company H1B Sponsorship Ropes & Gray LLP has a track record of offering H1B sponsorships, with 6 in 2026, 23 in 2025, 22 in 2024, 24 in 2023, 38 in 2022, 21 in 2021, 21 in 2020. Please note that this does not guarantee sponsorship for this specific role.