Information Security Analyst

Three Crowns LLP•Madrid, DC

73d

About The Position

Three Crowns LLP is a law firm that was founded in 2014 by specialist international arbitration advocates in the belief that international disputes call for focused advice and advocacy. The firm engages primarily in complex, high-value disputes, and counts among its clients many industry leaders and sovereign States. The firm has grown significantly in each of its offices – Dubai, London, Madrid, Paris, Singapore and Washington, DC – and now comprises over 180 people, including 19 partners. Across jurisdictions, it is regarded as a market leader. The firm seeks to hire an Information Security Analyst in the London, Paris, Washington DC or Madrid office. A key member of our Information Technology team, the Information Security Analyst will assist, and in some cases lead, in implementing and maintaining cybersecurity measures to protect sensitive legal data and client information. The role is essential to ensuring the firm’s digital and physical assets are secured against emerging threats and comply with legal industry standards and regulations. The successful candidate will conduct daily monitoring, security investigations, and contribute to assessments, audits, and documentation of security processes. The analyst will work closely with the Head of Infrastructure and Information Security, and IT colleagues to ensure that operational security controls are effectively implemented and maintained. Given the international nature of the firm, flexibility both in terms of hours and occasional travel (including international) is beneficial.

Requirements

At least five years’ experience in an information security or IT security support role, preferably within a professional services or legal environment.
A solid understanding of information security principles and common threats.
Familiarity with relevant data privacy and security regulations (e.g., GDPR, ISO 27001, Cyber Essentials).
Experience with security tools such as firewalls, endpoint protection, intrusion detection, and SIEM systems.
Experience with securing Microsoft 365, Entra Conditional Access, and Intune.
Strong analytical and problem-solving skills, with the ability to identify and communicate security issues clearly.
Excellent attention to detail and documentation skills.
Ability to work collaboratively in a fast-paced environment.
A proactive approach to learning and staying current with cybersecurity trends.

Nice To Haves

Relevant security certification(s) desirable – e.g., CompTIA Security+, GIAC GSEC, SSCP, or equivalent.

Responsibilities

Assisting with the management and maintenance of intrusion detection/protection systems, firewalls, web filtering solutions, host protection, antivirus, anti-malware, and zero-day threat protection services.
Completing out internal and external security audits and ensuring ongoing compliance with relevant standards.
Helping maintain appropriate security designs and documentation in line with best practices and firm requirements.
Run cybersecurity awareness training initiatives and helping promote good security practices across the firm.
Assisting in maintaining and testing the firm’s business continuity and disaster recovery procedures.
Implementation and execution of the firm’s incident response plan, including participation in simulation exercises and investigation of security alerts.
Monitoring the firm’s network for unusual or suspicious activity and assisting in the response to potential security incidents.
Contributing to the development and maintenance of cybersecurity policies, procedures, and guidelines.
Carry out risk assessments and regular vulnerability scans to identify potential security weaknesses and implement corrective actions.
Ensure OS and third-party patching is completed, and systems are up to date.
Assisting with ensuring compliance with data protection laws (e.g., GDPR) and other applicable regulations.
Responding to client security questionnaires and compliance reviews.
Keeping up to date with emerging cybersecurity threats, tools, and techniques.
Collaborating with IT colleagues and vendors to support the secure configuration and operation of devices, systems, and services.
Carryout a monthly information security report on key security systems and metrics.