Information Security Compliance Analyst

Firm Overview

Bates White is a boutique consulting firm based in Washington, DC. Recognized as a top workplace, the firm provides advanced economic, financial, and econometric analysis to law firms, companies, and government agencies.

Through our supportive, collaborative, and collegial culture, we invest in our talent and provide opportunities for career advancement. We are proud to have been consistently ranked among the top firms in the Vault Guide to the Top 50 Consulting Firms, named a Top Workplace by The Washington Post for the past ten years, listed as a top consulting firm by Management Consulted and ranked #42 on Newsweek’s list of America’s Top 200 Most Loved Workplaces.

If you are looking for a place to do high-quality work and have fun along the way, read below to discover how you can be part of our team. Learn more about our firm at: www.bateswhite.com.

What You’ll Do

In this role you will support, plan, and execute the Firm’s information security strategy under the guidance of the Chief Information Security Officer. Your responsibilities will include establishing, maintaining, and ensuring adequate controls to meet regulatory and industry security requirements. Additionally, you will oversee the complete lifecycle of the information security portfolio, manage risk, ensure oversight, and enforce security-related requirements. You will:

• Ensure proper oversight, risk management, and compliance with information security related requirements.
• Review and develop information security policies and procedures.
• Define, implement, and maintain security frameworks such as SOC 2, ISO 27001, NIST, and HITRUST.
• Lead and support all aspects of information security policies, standards, and processes as it relates to certification and compliance requirements.
• Manage ongoing compliance, evidence collection, and all processes related to annual audit reports.
• Work with the Technical Services team to identify, evaluate, select, and implement security protection measures and controls.
• Assist with information security awareness and training program.
• Conduct risk assessments of internal and cloud systems, policies, and procedures.
• Review threat intelligence feeds for new threats and works with staff to identify and resolve issues.
• Analyze and understand incident response processes and provides feedback to increase efficiency.
• Work with members of the Technical Services team to secure data, networks, and functions within the organization.
• Respond to client-driven security assessments of internal information systems, policies, and procedures and manage relationships with third party clients and vendors.
• Ensure adequate controls are in place to meet regulatory and industry standard security requirements.
• Design and perform periodic information risk assessments including compliance monitoring activities, penetration testing, and security audits.
• Participate in the design and implementation of recommended information security controls associated with new project application/system deployments.
• Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
  
  

What You’ll Bring To The Table

• Bachelor’s degree preferred.
• Minimum five (5) years of related work experience.
• Technical knowledge of computer systems and enterprise networks.
• Experience with global privacy laws (i.e. GDPR and HIPAA).
• Experience with implementing security frameworks such as SOC 2, ISO 27001, NIST, and HITRUST.
• Demonstrated experience with monitoring and logging concepts, principles, and leading industry practices, including but not limited to security information, event management (SIEM), attack surface management, threat intelligence, incident response, vulnerability management, and log management.
• Demonstrated experience with vulnerability assessments, penetration tests, and security audits.
• Familiar with SIEM, MDR, E/XDR tools, Windows desktop and server security tools and topics, Azure security, Windows Event logging, syslog, and related telematics topics.
• Knowledge of industry regulations and guidelines.
• Knowledge of Microsoft Office Suite (Excel, Outlook, PowerPoint, and Word).
• Strong written and verbal communication skills.
• Strong organizational skills.
• Ability to work under tight deadlines and prioritize responsibilities.
• Ability to handle and maintain confidential information.
• Proven experience working in a fast-paced environment.
• Ability to develop and motivate technology teams, inclusive of staff and third-party vendors/consultants.
• Ability to fulfill on-call duties for IT emergencies outside of Firm business hours.
• May require more than 40.0 hours per week to perform the essential duties of the position.
  
  

What You Can Expect From Us

We are committed to providing an exceptional employee experience. You can expect:

• Competitive compensation—the salary range for this position is $110,000 to $130,000. This position is also eligible for bonus compensation on a discretionary basis. The actual salary offered for this position will be determined based on job-related, non-discriminatory factors including qualifications and experience, education, external market data, and internal equity.
• Comprehensive benefits package—includes tuition reimbursement up to $75K, low healthcare premiums, wellness benefits, and more! To learn more about our benefits offerings, click here.
• Hybrid work environment with three coordinated in-office days per week.
• Open culture where your voice is heard, your input is sought, and your contributions are rewarded.
• Fun and engaging culture including frequent social events.
• Amenities that include a fitness center, rooftop terrace, standing desks, espresso, fresh fruit, breakfast and afternoon snack, billiards, and ping pong.
• Employee-driven community outreach program featuring fundraising events (e.g., trivia, game shows, cooking competitions, etc.), volunteer opportunities, and matching funds along with our pro bono program.
• Investment in your career through training programs, an assigned mentor and peer coach, and frequent feedback.
• Networking opportunities through employee interest groups, Women’s Network, International Network, Diversity-Inclusion Council, and BWProud Network.
  
  

If you are interested in joining our team, please submit a resume.

Bates White is an equal opportunity employer and does not discriminate based upon race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, protected veteran status, status as a qualified individual with a disability, or any other characteristic protected by law. If you are an individual with a disability and you need an accommodation or other assistance during the application process, please call our Human Resources department at (202) 408-6110 or email your request to careers@bateswhite.com. All qualified applicants are encouraged to apply. Download the Know your Rights Poster for more information.