Security and Compliance Risk Analyst

Adams & Martin Group

Location: Atlanta, GA, USA

Date: 2024-12-12T13:20:10Z

Job Description:

Under the supervision of the General Counsel (GC) and in collaboration with senior IT staff, this position is responsible for examining and addressing security risks and threats that could impact the agency's network, data, and intellectual property. The role includes recommending and helping implement strategies to mitigate threats, ensuring compliance with relevant legal and regulatory requirements, and supporting the overall information governance and security initiatives of the department.

This position provides a unique opportunity to learn and grow in the field of cybersecurity while working closely with the GC and legal department to protect the agency's digital infrastructure. The ideal candidate will have strong attention to detail, communication skills, and a solid understanding of risk management and compliance processes.

Job Responsibilities and Performance Standards

  • Actively monitor and support internal and external systems for potential security risks, collaborating with IT and legal teams as necessary to ensure compliance with legal requirements.
  • Compile and present audit reports to the General Counsel and other stakeholders, identifying and mitigating potential security risks.
  • Report on KPIs related to governance, compliance, and regulation, ensuring thorough and accurate reporting to the GC and relevant department heads.
  • Advise and support the GC and IT in defining information security policies, controls, and best practices, ensuring compliance with legal and regulatory standards.
  • Lead the organization's security awareness program, ensuring all staff complete necessary training, especially related to compliance and data privacy.
  • Assist with security assessments during project and change management initiatives, ensuring that legal implications of system changes are evaluated.
  • Maintain a threat and information risk register, making recommendations to the GC for appropriate remediation actions.
  • Develop detailed documentation for systems, processes, and security protocols in compliance with department policies.
  • Ensure security and privacy controls across infrastructure, applications, and data are maintained in line with legal and regulatory requirements, supporting the GC's efforts in compliance oversight.
  • Respond to internal and external inquiries regarding security incidents, providing direct assistance and resolution for issues that affect the agency's infrastructure.
  • Collaborate with other IT staff and the GC to create and maintain accurate documentation supporting security and risk management protocols.
  • Support business continuity processes (e.g., backups, replication) in line with the agency's security and compliance standards, as directed by the GC.
  • Liaise with third-party vendors to maintain compliance with security standards and ensure vendor systems are secure and meet legal requirements.
  • Assist the legal team with the development and maintenance of data protection policies, training materials, and security procedures.
  • Participate in other IT projects and initiatives, contributing to the continuous improvement of the department's security posture and its alignment with legal obligations.
  • Stay informed on emerging trends, technologies, and best practices relevant to the role and security compliance.

Minimum Skills, Training, and Experience

  • CompTIA Security+, CASP+, CySA+ certification, or equivalent.
  • Certified networking credential (CompTIA Network+, Cisco CCNA) or equivalent.
  • At least 1 year of experience managing endpoint security solutions, with a focus on legal and compliance risks.
  • Strong problem-solving and risk analysis abilities.
  • Familiarity with common IT protocols and technologies, including security systems, cloud computing, and compliance tools.
  • Thorough understanding of Microsoft Windows 10, Microsoft Office, and data protection protocols.
  • Experience with an enterprise directory (e.g., Azure Active Directory) and understanding of legal aspects related to user and system access.
  • Excellent communication and interpersonal skills, with the ability to explain complex technical concepts to a non-technical, legal audience.
  • Ability to collaborate effectively with cross-functional teams, especially legal and IT departments.

Preferred Qualifications

  • A 2- or 4-year degree in Cybersecurity, Information Technology, or a related field from an accredited college or university.
  • Experience with cloud or IaaS solutions (e.g., AWS, Azure, Office 365, GCC) in a regulated environment.
  • Experience with mobile device management (MDM) and its security compliance.
  • Familiarity with GNU/Linux, OSX, and other operating systems from a security perspective.

For consideration, please send your resume to jsilva(@)adamsmartingroup.com.

All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance. For unincorporated Los Angeles County, to the extent our customers require a background check for certain positions, the Company faces a significant risk to its business operations and business reputation unless a review of criminal history is conducted for those specific job positions.
