The Compliance Administrator, Technology Support Services (TSS) will support the delivery of governance, risk, and compliance services as part of the Firm’s ITSM, ISO 27001, privacy compliance, information security, business continuity, third party vendor management, and related programs and processes. The Compliance Administrator will work directly with all groups within the global TSS department to ensure appropriate and required IT systems documentation is organized, profiled, published, updated and accessible. The Compliance Administrator will participate in the completion of both internal and third party risk assessments and will assist the Project Management Office (PMO) Manager in conveying information security, privacy, business continuity, contractor controls, and IT operational requirements to TSS project teams. The Compliance Administrator will work under the direction and guidance of the PMO Manager while coordinating specific activities with managers in the TSS department, Information Governance, and other departments and practices across the Firm. The Compliance Administrator, Technology Support Services (TSS) is expected to perform all job duties with a commitment to providing superior service to clients, producing quality work products, and maintaining an atmosphere of teamwork and continuous improvement. Above all, the Compliance Administrator, Technology Support Services (TSS), must fulfill the needs of the Firm in a manner which is consistent with the Firm’s visions and values.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Assists in the process to identify, analyze, and summarize potential risks introduced by the Firm’s use of consultants, contractors, suppliers, software as a service, and other third parties.
Ensures third party due diligence and ongoing monitoring controls are applicable in the context of a specific vendor’s services.
Coordinates Third Party/Vendor Risk Management assessments with external parties using standard evaluation forms and online tools. Reviews vendor responses and assesses compliance with Jones Day’s policy and standards as well as applicable laws and regulations. Identifies and analyzes specific risk conditions related to an external party and communicates the results of reviews to TSS management. Works with appropriate internal stakeholders to evaluate risks and to make a determination to proceed. Documents all steps in the review and approval process. Validates evidence of compliance presented by vendors prior to closing out risk remediation plans.
Contributes to the development and implementation of Third Party/Vendor Risk processes, tools, policies, standards and procedures in alignment with the Firm’s Information Security program and evolving privacy regulations. Incorporates feedback from vendors and internal stakeholders to continuously improve the Firm’s risk program.
Facilitates discussions for the resolution of risk and compliance issues identified during periodic risk evaluations, RFP/RFI and contract reviews, and other activities related to vendor security and contract performance.
Collects data for and prepares the quarterly performance report of the Firm’s Third Party Vendor Risk Management Program.
Administers TSS policy and procedures governing published IT documentation by coordinating with document owners to validate currency, quality, completeness, and relevance. Assumes administrative control of the department’s technical library. In coordination with TSS management team, establishes standards for documentation templates, document profiles and metadata, access controls, documentation taxonomy, and periodic review cycles.
Actively participates in the Firm’s ISO 27001 certification efforts and subsequent maintenance of certification.
Provides support for special compliance and IT document management projects as assigned.
ESSENTIAL KNOWLEDGE, SKILLS AND ABILITIES:
Basic knowledge of Information Security standards and frameworks (in particular ISO 27001) with an understanding of the "why" behind the controls and not just the controls themselves.
Understanding of Software as a Service and other cloud based services, as well as the implications off-premises IT services bring to overall system security, access control, data privacy, and system integration controls.
IT background and practical knowledge of a variety of technologies including operating systems, servers/storage, network and web infrastructure, database architectures, software development, endpoint management, advanced threat protection, data loss prevention, and intrusion detection and prevention systems.
Understanding of software development life-cycle and application security, Infrastructure-as-a-Service, and Software-as-a-Service security concepts.
Ability to work detailed issues within the context of the Firm’s TSS strategy, risk tolerance, confidentiality and security policies.
Organized, with strong planning, documentation, and task management abilities.
Strong interpersonal, oral/written communication, and negotiation skills.
Strong analytical and problem solving skills.
Proficient in using Microsoft Office Suite (Excel, SharePoint, Word, PowerPoint) as well as a strong background in the use of document / content management systems.
Jones Day is an Equal Employment Opportunity Employer
EDUCATIONAL/JOB EXPERIENCE REQUIREMENTS:
Bachelor’s degree required; Information Technology, Information Security, or Technology Management programs preferred.
Three years of experience within risk management, IT auditing, system administration, or privacy control processes.
Preference given to candidates with applicable certifications: GIAC (e.g., GSNA, GCCC), ISC2 (CAP or Associate), IAPP (CIPT, CIPP), or other Information Security certifications; and ITIL v4 Foundations.
Additional Salary Information: Commensurate with experience
About Jones Day
With more than 2,500 lawyers on five continents, Jones Day ranks among the world's largest law firms. Jones Day seeks to employ the most qualified people for every position in the Firm, continually delivering superior client service through professional excellence and teamwork. Jones Day offers competitive compensation, excellent benefits and career advancement opportunities in a stimulating work environment.