Information Assurance Specialist
Ref No.: 17-00106
Location: New York, New York
Essential Duties & Responsibilities:
This position will report to the Director of Information Security, who oversees the Firm's Information Security, Business Continuity and Privacy program. The Information Assurance Specialist will work closely with the Director of Information Security to ensure that the Firm has all necessary policies, standards, procedures and processes in place with regard to data confidentiality, integrity and availability as required by clients and regulatory requirements.
The Information Assurance Specialist will be responsible for working with senior management, consultants, service providers and staff to develop, exercise and maintain the Firm's Information Security, Privacy Program and Business Continuity. This position will also require the candidate to develop and maintain Data Governance for all data within the Firm.
Information Security
  • Maintains all policies, standards and procedures as they relate to Information Security. Assists with ISO27001 audits; coordinates all necessary meetings throughout the year and maintains meeting agendas and minutes.
  • Creates and updates all documents related to ISO27001.
Business Continuity
  • Development of Business and Practice specific Business Continuity Plans and revise/update them annually as required. Identify plan gaps and provide business management with mitigation solutions.
  • Meet with business stakeholders to identify business recovery requirements including critical dependencies and service providers. Perform complete annual Business Impact Analysis (BIA).
  • Develop business requirements, write plans, conduct tabletop exercises as well as manage any consultants on the development of the Firm's BCP plans.
  • Participate in development of the recovery strategy for all critical assets with IT personnel.
  • Formulate annual exercise plan and review/revise as needed to meet industry best practices.
  • Participate in annual recovery test and validate recovery strategy. Responsible for post-recovery de-briefing of management, staff and other parties and for tracking the success or failure of these tests. Maintain a 'lessons learned' program so that the incident, adaptations, impacts and results are tracked and BCP plans updated as needed.
Privacy
  • Develops, implements, and updates the Firm's privacy policies, procedures and processes in coordination with senior management, consultants, information technology staff, legal counsel and risk committee.
  • Ensures that all offices around the globe have a privacy program in place and follow the same policies, procedures and processes.
  • Reads, understands, and maintains current knowledge of regulatory privacy laws in US and in other countries.
  • Delivers or arranges for initial and ongoing information privacy training to all staff.
  • Performs periodic risk assessments and ongoing compliance monitoring.
  • Works with relevant departments to ensure the Firm complies with appropriate information privacy contract provisions, specifically business associate agreements, sub-business associates, delegates, vendors, and other relevant parties.
  • Participate in the development and review of business associate and qualified service organization agreements to ensure that all privacy concerns, requirements, and responsibilities are addressed.
Data Governance
  • Develop, implement and manage data governance policies, procedures and processes as they relate to all data to ensure availability, usability, integrity, and security of the data employed in the Firm.
  • Work with business units and IT personnel to discover and identify all sources and locations of data (structured and non-structured data) as well as the flow of data within and out of the Firm.
  • Identify old data and create lifecycle governance around all data in the Firm.
  • Create standards regarding the structure of shared folders and movement of data within the shared folders.
  • Create policies around access to data by third parties.
Education and Experience:
  • Bachelor's degree with a minimum of 6 years of combined experience with information security, business continuity and privacy programs in a global enterprise.
  • Strong project management skills, including the ability to work across multiple teams and business units.
  • Must be able to create and review detailed documents including technical documents as needed.
  • Experience with ISO standards including ISO27001:2013 and ISO22301.
  • Industry certifications such as Project Management Specialist (PMP), ITL, Six Sigma or CIPP desired.
  • Excellent oral and written communication skills. Extensive interpersonal skills and the ability to develop and maintain stakeholder relationships at all levels.
  • High level of energy, creativity, flexibility and dedication. A willingness to focus and commit to ensure the Firm has a comprehensive Information Security, BCP, Privacy program and Data Governance.
  • Candidate must be available to report to work on their regularly scheduled days and at the scheduled hour. The candidate must also be willing to work off hours where necessary.
  • Ability to travel when required.