Nelson Mullins Riley & Scarborough
Information Security Analyst
Nelson Mullins Riley & Scarborough, West Columbia, South Carolina, United States, 29172
Overview Nelson Mullins, an AmLaw 100 law firm, is seeking an Information Security Analyst to join its Information Technology group in Columbia, SC. In this role, you will support the firms comprehensive information security program, with a primary focus on Governance, Risk, and Compliance (GRC) activities. The role will involve overseeing risk management processes, implementing governance frameworks, and ensuring ongoing regulatory compliance. The Analyst will also assist in general security administration, monitoring, and incident response as needed to support the diverse needs of the security team. A Day in the Life As an Information Security Analyst, you will be part of a dynamic IT team dedicated to serving the Firm's nationwide platform. The responsibilities include implementing and maintaining security policies, procedures, and controls in line with industry best practices and regulatory requirements such as ISO 27001, SOC II, and HIPAA. The role involves conducting risk assessments, identifying security risks in business processes and technologies, and recommending appropriate mitigation strategies. Additional duties include assisting with audit preparation, evidence gathering, and compliance assessments for various regulatory frameworks like NIST 800-53, ISO 27001, SOC II, and HIPAA. Managing security tools such as firewalls, encryption, antivirus, and DLP is also a key responsibility, along with identifying and responding to security incidents and maintaining incident response documentation. Evaluating the security posture of third-party vendors and software, identifying potential risks, and ensuring compliance with contractual obligations are also critical. The position requires continuously assessing and recommending improvements to the firm's security controls, policies, and governance structure to meet evolving regulatory requirements and industry best practices. Participation in cross-functional security projects, providing GRC insights and support, is expected. Additional responsibilities include supporting security awareness training programs and initiatives, driving the automation of security workflows and processes, and collaborating with the IT department on special projects, offering technical support for security-related issues when needed. We Know You The ideal candidate should have over two years of experience in IT or security administration, with a particular focus on GRC (Governance, Risk, and Compliance) activities. They should possess strong knowledge of GRC frameworks, including ISO 27001, SOC II, NIST 800-53, and HIPAA. Familiarity with technologies such as Active Directory, Microsoft Entra, Office 365, and Microsoft Defender is also essential. Additionally, we are seeking candidates who possess the following: Experience with email security, DLP, network security, and encryption best practices. Scripting skills (PowerShell/Python preferred) and experience in workflow automation tools (ServiceNow, IntApp, MS Flow). Strong analytical, problem-solving, and communication skills, with an emphasis on governance and compliance reporting. Who We Are With more than 1,000 attorneys, policy advisors, e-discovery professionals and other business professionals, Nelson Mullins has strong roots in the business community and an appreciation for new directions in the business world. As a Firm, Nelson Mullins has a strong foundation of community service and good citizenship. Our professional staff teams likewise promote these values, with opportunities to participate and play roles in various pro bono and community service initiatives. We collaborate with each other and with our clients, working side-by-side towards shared goals.