AeroLeads people directory · profile

Andrew Sirkin Email & Phone Number

GRC Security Engineer at Foley Hoag LLP
Location: New York City Metropolitan Area, United States 3 work roles
1 work email found @cwt.com 3 phones found area 212 LinkedIn matched
✓ Verified July 2026 4 data sources Profile completeness 86%

Contact Signals · 1 work email · 3 phones

Work email a****@cwt.com
Direct phone (212) ***-****
LinkedIn Profile matched
3 free lookups remaining · No credit card
Current company
Role
GRC Security Engineer
Location
New York City Metropolitan Area, United States
Company size

Who is Andrew Sirkin? Overview

A concise factual answer block for searchers comparing this professional profile.

Quick answer

Andrew Sirkin is listed as GRC Security Engineer at Foley Hoag LLP, a with 621 employees, based in New York City Metropolitan Area, United States. AeroLeads shows a work email signal at cwt.com, phone signal with area code 212, and a matched LinkedIn profile for Andrew Sirkin.

Andrew Sirkin previously worked as Security Compliance Engineer at Arentfox Schiff and IT Security Operations Analyst at Cadwalader, Wickersham & Taft Llp.

Company email context

Email format at Foley Hoag LLP

This section adds company-level context without repeating Andrew Sirkin's masked contact details.

{first}.{last}@cwt.com
86% confidence

AeroLeads found 1 current-domain work email signal for Andrew Sirkin. Compare company email patterns before reaching out.

Profile bio

About Andrew Sirkin

As an IT security professional with extensive experience in large corporate law firms, I specialize in ensuring confidentiality, professionalism, and compliance. Trust is a crucial element in business, and your security certifications can provide that reassurance to your customers. With a deep understanding of IT systems and their security measures, I am poised to help you implement robust security measures that not only protect your firm but also instill confidence in your clients. Together, we can create a secure, compliant system that turns security into a department that generates revenue for everyone.

Listed skills include Ccna, Itil, Citrix, Microsoft Exchange, and 44 others.

Current workplace

Andrew Sirkin's current company

Company context helps verify the profile and gives searchers a useful next step.

Foley Hoag LLP
Foley Hoag Llp
GRC Security Engineer
boston, massachusetts, united states
Website
Employees
621
AeroLeads page
3 roles

Andrew Sirkin work experience

A career timeline built from the work history available for this profile.

Grc Security Engineer

Current

New York, United States

• Certified the firm from scratch in ISO 27001, 27701, & 22301.• Prepared and managed audits, compliance assessments, and security due diligence questionnaires.• Developed and implemented policies, procedures, and standards to ensure compliance with industry regulations and legal requirements.• Ensured a mature vendor management program, including selection criteria based on risk factors.• Managed the firm’s Data classification and Data Loss Prevention programs to protect confidential and privileged information and safeguard against unauthorized access, modification, destruction, and disclosure.• Assisted in the review of security requirements in outside counsel guidelines and vendor contracts.• Collaborated with cross-functional teams to establish and maintain effective Governance, Risk, and Compliance processes and practices.• Conducted risk assessments to identify vulnerabilities and potential security threats.• Monitored and assessed security controls to mitigate risks and enhance data protection.• Participated in incident response and security incident investigations as required.• Ensured compliance with backup, logging, patching, anti-virus, audit, and technical remediation activities.• Identified opportunities, through policy-driven security practices, the Principle of Least Privilege (PoLP), Role Based Access Controls (RBAC) for applications, infrastructure, and business/practice groups to prevent excessive permissions and rights to the firm’s IT environment.• Managed security awareness activities to ensure training was completed in accordance with firm requirements.• Stayed up to date with relevant laws and regulations, ensuring the firm's adherence to compliance requirements.• Kept abreast of emerging trends and technologies in information security and GRC.• Acted as a subject matter expert in GRC matters, offering training and support to colleagues as needed.• Provided guidance and recommendations to management on security best practices.

Oct 2023 - Present

Security Compliance Engineer

New York, New York, United States

• Planned, developed, implemented, and supported the company's security, governance, risk, and IT security compliance initiatives, including ISO 27001 and ISO 22301 certifications.• Advised Firm management and assisted in the design and development of new systems, applications, and solutions for enterprise-wide information and security compliance, including operations, system analysis, system design, system hardening, vulnerability scanning, incident response, disaster recovery, and business continuity planning.• Created a mature vendor management program, taking the old practice of using an Excel-based questionnaire and evolving it into a ranked form, including selection criteria based on risk factors.• Created the firm’s DLP program, merging systems into a mature and comprehensive environment.• Developed and executed plans for compliance and mitigation of risk, including policies and procedures, insider and third-party risk, risk-based audits, and internal controls.• Ensured compliance with backup, logging, patching, antivirus, audit, and remediation activities.• Assisted in evaluating, planning, configuration, and implementation of new/existing compliance applications/tools that helped ensure compliance with Firm policies and procedures.• Identified and recommended potential areas where existing data security policies and procedures required change to enhance security policies and procedures.• Developed monitoring and visibility systems for security incidents and vulnerabilities.• Identified opportunities through policy-driven security practices, the Principle of Least Privilege (PoLP), Role-Based Access Controls (RBAC) for applications, infrastructure, and business/practice groups to prevent excessive permissions and rights to the firm’s IT environment.

Sep 2022 - Oct 2023

It Security Operations Analyst

Greater New York City Area

• Earned the firm an ISO-27001:2013 certification and was responsible for developing and implementing processes to meet audit criteria.• Discovered and fixed security problems in existing operational procedures using current security frameworks and risk management methodologies. Based on these procedures, created new documentation and processes for various departments, and monitored for compliance.• Implemented a more comprehensive patch management program for servers, increasing firm's BitSight and Security Scorecard ratings by hundreds of points.• Used vulnerability scanners and pen testing along with in-depth reporting tools to discover and repair weaknesses in assets, including implementing a full patch cycle for servers.• Implemented a SEIM solution and deep monitoring of data to ensure against attacks, and was the first responder to a number of security incidents.• Subject Matter Expert (SME) in multiple information security programs and domains.• Organized and conducted the testing and rollout of DUO as a 2FA replacement for RSA.• Built and maintained a security training program for all employees, including practical training for lawyers and other admin staff, such as phishing testing, security awareness, DLP, and privacy.• Provided IT staff with security training via tabletop and live-fire incidents, and generated reports.• Worked closely with colleagues and management to reduce the budget for both security and IT.• Regularly contributed to the LS-ISAO (Legal Services Information Sharing and Analysis Organization), including weekly analyst calls to discuss trends and threats within the industry.

Oct 2013 - Sep 2022
Team & coworkers

Colleagues at Foley Hoag LLP

Other employees you can reach at foleyhoag.com. View company contacts for 621 employees →

FAQ

Frequently asked questions about Andrew Sirkin

Quick answers generated from the profile data available on this page.

What company does Andrew Sirkin work for?

Andrew Sirkin works for Foley Hoag LLP.

What is Andrew Sirkin's role at Foley Hoag LLP?

Andrew Sirkin is listed as GRC Security Engineer at Foley Hoag LLP.

What is Andrew Sirkin's email address?

AeroLeads has found 1 work email signal at @cwt.com for Andrew Sirkin at Foley Hoag LLP.

What is Andrew Sirkin's phone number?

AeroLeads has found 3 phone signal(s) with area code 212 for Andrew Sirkin at Foley Hoag LLP.

Where is Andrew Sirkin based?

Andrew Sirkin is based in New York City Metropolitan Area, United States while working with Foley Hoag LLP.

What companies has Andrew Sirkin worked for?

Andrew Sirkin has worked for Foley Hoag Llp, Arentfox Schiff, and Cadwalader, Wickersham & Taft Llp.

Who are Andrew Sirkin's colleagues at Foley Hoag LLP?

Andrew Sirkin's colleagues at Foley Hoag LLP include Andarla Hodge, Arsalan Suleman, Pablo Nilo Donoso, Caroline Donovan, and Matthew Miller.

How can I contact Andrew Sirkin?

You can use AeroLeads to view verified contact signals for Andrew Sirkin at Foley Hoag LLP, including work email, phone, and LinkedIn data when available.

What skills is Andrew Sirkin known for?

Andrew Sirkin is listed with skills including Ccna, Itil, Citrix, Microsoft Exchange, Networking, Workshare, Active Directory, and Operational Risk Management.

Find 750M verified contacts

Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.