O'Melveny & Myers LLP

Information Security Governance, Risk and Compliance (GRC) Lead

O'Melveny & Myers LLP, Newport Beach, California, US 92659

O’Melveny has an immediate opening for a remote Information Security Governance, Risk and Compliance (GRC) Lead in our West Coast office. It’s more than what you do: it’s how you do it.

O’Melveny is counsel of choice to an expanding list of market leaders. The firm offers development opportunities, collaboration with diverse colleagues, and exposure to evolving legal and business issues for prominent clients worldwide. With approximately 800 lawyers on three continents and more than 80 practice and industry service areas, O’Melveny is a global law firm with a local feel. The firm aims for excellence, leadership, innovation, and civic responsibility.

The salary range in CA for this role is $130,000 - $160,000 and represents the firm’s good faith minimum and maximum range for this role at the time of posting. The actual compensation offered will depend on experience, qualifications, and location. Applications are accepted from candidates in the following states: AL, AZ, CA, CO, D.C., FL, HI, ID, IL, LA, MD, MA, MN, MO, NC, NH, NV, NJ, NY, OH, OR, PA, SC, TX, UT, VA, WA.

Responsibilities include:
- Lead firmwide Information Security GRC initiatives in partnership with the Information Security team.
- Coordinate ISO 27001 annual certification preparations and client audits.
- Track and respond to external requirements (e.g., outside counsel guidelines) as needed.
- Oversee Information Security GRC activities and coordinate with the Information Security Officer.
- Serve as a subject matter expert and trusted advisor for leadership on Information Security GRC matters.
- Respond to business unit inquiries regarding operational compliance.
- Collaborate with IT, legal, finance and operations to develop a cohesive Information Security GRC program.
- Partner with business units during solutions onboarding to ensure appropriate controls are in place.
- Conduct regular risk assessments and analyze emerging risks; implement mitigation strategies.
- Maintain a strategic GRC program including policies, standards, processes and guidelines.
- Stay updated on regulatory changes and industry standards (ISO, NIST, GDPR, HIPAA, HITRUST, etc.).
- Provide guidance to ensure compliance with relevant laws and regulations.
- Deliver GRC reports to management highlighting compliance status and risk exposure.
- Oversee third-party and vendor risk as part of the risk management strategy.
- Document and enforce cybersecurity standards balancing risk with business operations.
- Prepare for audits; coordinate with internal and external auditors and client interactions.
- Develop third-party risk management programs; review due diligence, questionnaires and SOC reports.
- Support security incidents and control testing; engage in tabletop and disaster recovery exercises as appropriate.
- Collaborate with cross-functional teams to map controls to KPIs, measure effectiveness, and produce timely reports for management.

Qualifications:
- Five years of experience in GRC or a cybersecurity practitioner role (security analysis, compliance, risk management).
- Experience in distributed and hybrid office environments.
- Understanding of information security and privacy frameworks: ISO/IEC 27001 required; NIST, HIPAA, HITRUST, GDPR, GLBA are optional.
- Bachelor’s degree in Cybersecurity, Computer Science, Data Science, or a related field.
- Experience with tabletop exercises, disaster recovery tests, and information security control testing is ideal.
- Excellent analytical, problem-solving, and communication skills; ability to work independently and in a multidisciplinary team.
- Professional certifications (CISSP, CISM, CISA, CRISC, CGRC) are a plus.

EOE M/F/D/V. No phone inquiries please.
