O'Melveny & Myers LLP

Information Security Governance, Risk and Compliance (GRC) Lead

O'Melveny & Myers LLP, San Francisco, California, United States, 94199


Overview

O’Melveny & Myers LLP has an immediate opening for a remote Information Security Governance, Risk and Compliance (GRC) Lead based in one of our West Coast offices. The GRC Lead serves as the subject matter expert for firmwide Information Security GRC initiatives and works closely with the Information Security Officer. The role covers the development, implementation and ongoing coordination of GRC efforts: tracking information security risks, conducting risk analyses and proposing mitigation options, coordinating information security metrics, and reporting to Information Security leadership.

The Lead will enforce GRC rigor globally for the firm's information security obligations; implement and advance policies and a comprehensive control framework; oversee administration of standards and controls, risk management, third-party risk management (TPRM), baseline security controls and technology compliance initiatives; coordinate information security audits and assessments; and assist with reviewing outside counsel guidelines. The position will also build out a third-party risk management program and assist with reviewing third-party risk, using TPRM tools and reviewing due diligence documentation such as security questionnaires and SOC reports.

The salary range in California for this role is $130,000 - $160,000 and represents the firm’s good faith minimum and maximum range at the time of posting. Actual compensation depends on factors including experience, qualifications and location. Applications will be accepted from candidates residing in AL, AZ, CA, CO, D.C., FL, HI, ID, IL, LA, MD, MA, MN, MO, NC, NH, NV, NJ, NY, OH, OR, PA, SC, TX, UT, VA, WA.

Responsibilities

Lead firmwide Information Security GRC initiatives in partnership with the Information Security team.

Assist with and coordinate the annual ISO 27001 certification preparations, as well as client audits.

Track external requirements (e.g., outside counsel guidelines) and assist with tracking, review, and response as needed.

Oversee Information Security GRC activities and coordinate closely with the Information Security Officer.

Serve as a subject matter expert and trusted advisor for leadership on Information Security GRC matters.

Respond to business unit inquiries regarding operational compliance.

Collaborate with IT, legal, finance and operations to develop a cohesive Information Security GRC program.

Partner with business units during solutions onboarding to ensure adequate controls are in place and enabled.

Conduct regular risk assessments and analyze emerging risks across the organization; coordinate risk mitigation strategies.

Maintain a strategic GRC program including policies, standards, processes and guidelines.

Stay updated on regulatory changes and industry standards (ISO, NIST, GDPR, HIPAA, HITRUST and other applicable frameworks).

Provide guidance to team members to ensure compliance with relevant laws and regulations.

Deliver GRC reports to management on compliance status, risk exposure and mitigation efforts.

Oversee third-party and vendor risk as part of the organization’s risk management strategy.

Document and enforce cybersecurity standards that balance risk with business operations; ensure audit readiness.

Utilize GRC tools and methodologies to drive process improvements and productivity gains.

Cooperate with internal and external auditors to maintain controls that meet GRC requirements.

Guide teams to align with security, audit and risk management efforts in ongoing security program assessments.

Stay current on technologies, security compliance requirements and industry trends; perform analysis of threats and vulnerabilities.

Utilize threat intelligence to anticipate and mitigate risks; ensure secure handling of privileged accounts and credentials.

Qualifications

Five years of experience in GRC or as a cybersecurity practitioner, including security analysis, compliance and risk management.

Experience working in a distributed and hybrid office environment.

Knowledge of information security and privacy frameworks: ISO/IEC 27001 required; NIST, HIPAA, HITRUST, GDPR and GLBA are optional.

Bachelor’s degree in Cybersecurity, Computer Science, Data Science, or related field.

Experience conducting tabletop exercises, disaster recovery exercises, and other information security control tests is ideal.

Excellent analytical, problem-solving and communication skills; ability to work independently and in multidisciplinary teams.

Professional certifications are a plus (CISSP, CISM, CISA, CRISC or CGRC).

We offer an excellent salary and benefits package. For more information or to be considered, please apply online at www.omm.com. Responses will be sent to candidates who closely meet our qualifications. EOE M/F/D/V. No phone inquiries please.

Details

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Industries: Law Practice
