IT Security Compliance Administrator (Remote in PGH) (Pittsburgh)

Position summary

The IT Security Compliance Administrator supports the firm's client security audit process. Responsibilities include:

• Leading and standardizing the client audit initiative
• Responding to and collecting evidence for client RFIs, RFPs, and RAQs
• Conducting both remote and on-site audits
• Continuously improving audit and compliance processes
• Collaborating with internal IT and non-IT management to understand secure environments
• Accurately responding to client security inquiries
• Interfacing with clients, their security teams, and attorneys throughout the audit process

As a key member of the IT Security Compliance team, this role also leads initiatives including:

• ISO 27001 compliance
• Penetration testing
• Incident response
• Vendor risk assessments
• Policy management
• Vulnerability management
• Other compliance-related projects

Job duties and responsibilities

• Serve as an Information Security Consultant to all departments
  • Provide guidance on confidentiality, integrity, and availability of data
  • Assist IT functions in identifying, implementing, and maintaining policies and procedures
• Respond to client RFPs, RFIs, RAQs, and security audits regarding compliance with client security policies
• Provide periodic reports and metrics using various tools
• Monitor compliance with information security policies and refer issues as needed
• Collaborate with IT teams to understand systems such as:
  • Intrusion detection
  • Application security
  • Authentication systems
  • Identity management
  • Access control
• Lead efforts for:
  • Risk and vulnerability management
  • Penetration testing
  • Ongoing security monitoring
• Monitor policy compliance activities within IT
• Participate in development and implementation of compliance monitoring for client and business relationships
• Maintain knowledge of data privacy laws (e.g., GDPR, CCPA) and accreditation standards
• Manage and perform information security incident response processes
• Assess security risks and develop mitigation plans
• Understand administrative, technical, and physical control mechanisms
• Develop and maintain relationships with end users and stakeholders
• Provide security guidance across all levels of the organization
• Serve on special teams and project initiatives, including:
  • Research
  • Testing
  • Rollouts
  • Upgrades
  • Installations
  • Acquisitions/mergers
• Perform other duties as assigned

Job duties and responsibilities included are not exhaustive and may be supplemented as necessary. Reed Smith reserves the right to revise or modify job duties and responsibilities at any time.

Requirements

Education:

• Bachelor's degree in computer science, Information Security, Business, or Engineering required
• Equivalent work experience considered
• CISA and/or CISSP certification preferred

Experience:

• Minimum of three to five years of experience in information systems, including project management
• Extensive understanding of hardware and software architectures
• Proven experience developing security policies and procedures
• Experience implementing internal audit programs and participating in IT audits
• Background applying advanced IT security concepts
• Experience coordinating information security audits and related projects
• Legal or professional services industry experience preferred

Skills:

• Strong written and verbal communication skills
• Ability to communicate effectively with technical and non-technical audiences
• Proficiency in conducting audits and analyzing evidence
• Ability to interpret and apply regulatory and compliance requirements
• Ability to develop and implement security policies and best practices
• Strong analytical skills to interpret and present security metrics and data
• Proficiency in managing information systems and security tools
• Strong prioritization and time management skills
• High level of professionalism, discretion, and sound judgment
• Proficiency in Microsoft Office Suite and compliance tracking tools
• Ability to work independently or as part of a team in a remote or hybrid environment

Other

Supervisory responsibilities: