Join Goodwin’s Global Operations Team, and make a real impact on a global scale. At Goodwin, we work with some of the world’s most successful and innovative investors, entrepreneurs and disruptors in the life sciences, private equity, real estate, technology and financial industries, and where they converge. As part of the Global Operations Team – all business professionals at the firm – you’ll collaborate with colleagues from varied backgrounds and experiences, fostering an environment where cross-functional learning, networking, and collaboration are at the core of what we do.
Here, we’re not just supporting a law firm; we’re partnering with attorneys and clients to deliver cutting-edge solutions in high-stakes litigation and dispute resolution, world-class regulatory compliance and advisory services, and complex transactions. Our commitment to integrity, ingenuity, agility, and ambition drives us, and we’re proud to have been recognised as the “Best Business Team” by The American Lawyer.
This is your opportunity to grow professionally in a dynamic, global environment, surrounded by forward-thinking peers.
Working with the Director, Information Security, this position is responsible for the operation, implementation, management, auditing and reporting, and engineering support of Goodwin’s network and information security systems infrastructure. Assists with security automation, threat detection engineering, risk assessments, vulnerability management, incident response, and disaster recovery testing. Provides internal consulting to project owners and technical resources to ensure the confidentiality, integrity and availability of firm data and systems. Reviews, tests and implements new security technology platforms. Advocates information security practices to all firm members.
What You Will Do:
Identify new threats to IT systems and create rules to identify, prevent and remediate.
Expand security auditing and ensuring the proper ongoing operations of security tools
Providing internal information security consulting for other business and IT projects. This includes identifying, documenting and implementing secure configurations and architectures.
Assist with the creation and maintenance of security policies, standards, guidelines and other documentation for IT and business audiences.
Responsible for security metrics on a monthly basis to ensure the proper service levels are maintained.
Support incident response lifecycle including identification, triage, remediation and communications for security breaches and malware infections.
Identify latest security vulnerabilities, malware, breaches, and industry news which could affect the firm
Maintains vulnerability management process including identification, rating, remediation and monitoring.
Provides additional coverage for approvals and notifications to other IT groups for critical time sensitive operations including firewall changes, password reset approvals, and application vetting.
Assist with automation of security processes, integration of security platforms, and creation of tools.
Ongoing reviews of access controls by investigating improper access; revoking access; reporting violations; monitoring requests; recommending improvements
Provides technical leadership for incident response capabilities including malware analysis, breach investigation, and remediation efforts.
Creation of internal training materials and other items to support the advancement of information security within the firm.
Maintains awareness of industry trends and their advantages with the ability to make recommendations for improving technology used by the firm.
Participates in and/or manages cross-functional team projects to implement new or updated technology.
Cross-trains other IT staff in security best practices, the use or maintenance of technology.
Effectively manages small projects.
Displays professionalism, quality service and a "can do" attitude to internal members/departments of the Firm as well as external clients and vendors via electronic and print correspondence, over the telephone and in-person.
Provides information security knowledge transfer to other IT staff and business
Assumes additional responsibilities as assigned.
Who You Are:
Bachelor’s Degree or equivalent.
Minimum of 3 years’ experience working in the capacity of an Information Security Analyst
CISSP or equivalent preferred
Expert knowledge in IT Security frameworks and solutions.
Active participation in IT Security Forums inside/outside of the Legal Industry.
Excellent technical communication skills with a strong desire to achieve customer satisfaction; must be able to communicate effectively across entire organizations.
Operating knowledge of security configurations with respect to one or more of the following security products
SIEM: Splunk, Sentinel
Firewalls: Cisco, Palo Alto Networks
IDS/IPS: Cisco, Palo Alto Networks
NAC: Cisco, Aruba
Vulnerability Management: Tenable, Rapid7
Programming Languages: Python, Powershell, Node.js
Security Automation: LogicApps, Power Automate, Splunk
Operating knowledge of security issues associated with one or more of the following cloud platforms: Azure, AWS
Strong security knowledge of O/S (desktop and server) Security – Windows, Mac, Linux.
Strong security knowledge of browser security issues (Edge, Chrome).
Ability to learn new technologies and security features.
Excellent analytical, problem solving and troubleshooting skills.
Excellent organizational, interpersonal, communication and customer service skills.
Knowledge of ITIL Service Management principles.
Travel 1 week per quarter
#LI - TV1
Benefits and More
At Goodwin, you will discover your next career opportunity with a rewarding compensation package and comprehensive benefits, including:
Flexible work arrangements and hybrid work schedule
Health, dental, and vision insurance
Life and disability insurance
Retirement & Savings Plan
Emergency back-up child and adult care
Paid vacation, sick time off, and holidays
Professional development and career advancement opportunities
Employee recognition and reward programs
Employee wellness and assistance programs
Employee discounts and perks
Consistent with the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance an arrest and conviction record will not automatically disqualify a qualified applicant from consideration.
Consistent with the SF Fair Chance Ordinance, an arrest and conviction record will not automatically disqualify a qualified applicant from consideration.
Goodwin Procter LLP is an equal opportunity employer. This means that Goodwin Procter LLP considers applicants for employment, and makes employment decisions without unlawful discrimination on the basis of race, color, gender, gender identity or expression, age, religion, national origin, citizenship status, disability, medical condition, genetic information, marital status, sexual orientation, military or veteran status, or other legally protected status.
To request a reasonable accommodation to participate in the job application or interview process in the US, contact the Benefits Department by email or by phone at 617-570-1800. To request any disability or neurodivergence related accommodations to participate in the job application or interview process in the UK or Germany, please email the Recruiting Department. Any information you provide will be in the strictest confidence, and only used for the purpose of providing the accommodations needed. Requesting accommodations will not adversely affect the outcome of your application.