Winston & Strawn LLP · 12 hours ago
Chicago - Senior Security & Compliance Analyst
Law Practice
Growth Opportunities
Responsibilities
Develops and maintains information risk and security policies, procedures, and baseline standards. Coordinates with operations and engineering teams to drive adoption.
Supports strategic risk planning and budgeting activities. Assists with identifying and prioritizing risk remediation projects.
Measures and monitors the progress of security compliance initiatives, metrics, and key performance indicators (KPIs). Assists in preparing and communicating status to firm leadership.
Performs risk assessments of new technology solutions to identify potential privacy and information security risks. Coordinates with relevant project sponsors to report on issues and identify opportunities for risk mitigation.
Performs third-party vendor security risk assessments for new vendors and monitors the security performance of existing vendors. Manages the distribution of third-party risk assessment questionnaires (e.g., SIG) and tracks compliance with security expectations.
Supports Conflicts and Business Development teams by reviewing security requirements in client engagement letters, outside counsel guidelines, and RFPs for alignment with established firm standards.
Facilitates and coordinates responses to client security inquiries, questionnaires, and assessment requests. Tracks and coordinates identified issues through resolution.
Performs and coordinates ongoing security reviews and assessments to measure and validate internal control effectiveness (e.g., network penetration testing, red team assessments, process maturity reviews, technology gap assessments).
Manages and maintains internal GRC tooling, control frameworks, and security artifacts and evidence.
Leads and supports internal security awareness and training efforts and campaigns (e.g., developing annual training materials, conducting phishing exercises, evangelizing security awareness in ad-hoc presentations).
Leads internal ISO 27001 compliance activities (e.g., ISMS management reviews, internal audits, risk assessments). Coordinates and liaises on annual certification and surveillance audits.
Identifies potential security threats and vulnerabilities through threat feeds, vulnerability scans, and other mechanisms. Coordinates the timely resolution of vulnerabilities with relevant business and engineering stakeholders.
Participates in incident response tabletops, business continuity tests, and other compliance activities and exercises.
Supports and assists with various security projects (e.g., program enhancements, process improvements, security tool implementations).
Qualification
Required
Bachelor’s degree in information security, information technology, computer science, or related field required.
3+ years of experience in two or more domains of information security, risk and compliance (GRC), or IT audit required.
This role is fully remote; candidates must reside within a commutable distance of the applicable local office.
Preferred
Broad knowledge and experience with fundamental security processes and associated controls.
Deep knowledge of and experience working with leading information security standards (e.g., NIST, ISO 27001) and relevant privacy regulations (e.g., GDPR, CCPA, HIPAA).
Experience in professional services, consulting, or client-facing role is a plus.
Relevant security certifications (e.g., CISSP, CISA) are a plus.
Benefits
Comprehensive healthcare benefits package
Yearly retirement contribution
Annual discretionary merit bonus
Company
Winston & Strawn LLP
Winston & Strawn LLP is an international law firm with more than 975 attorneys in key financial centers around the world.
Funding
Current Stage
Late Stage