Job Information
FOLEY & LARDNER LLP Information Security Risk Specialist in SALT LAKE CITY, Utah
Information Security Risk Specialist US-IL-Chicago | US-WI-Milwaukee | US-Washington DC | US-TX-Dallas | US-MA-Boston | US-UT-Salt Lake City | US-FL-Tampa | US-CO-Denver
ID 2024-3105
Category Information Technology/Security
Type Regular Full-Time
FLSA Status Exempt
Scheduled Hours 40+
Workplace Hybrid
Overview
Foley and Lardner LLP is looking for an Information Security Specialist to join our Information Security Governance, Risk, and Compliance (GRC) team. The GRC team drives efforts to maintain a secure operating environment in compliance with internal and external requirements, and is responsible for the identification, assessment, tracking, and remediation of information security risk within the organization.
The Security Specialist will work in a team environment and liaise with cross-functional partners to achieve these efforts. This may include, but is not limited to, responding to external security inquiries and questionnaires, performing risk assessments against specific technologies, performing third party risk management activities, assisting in efforts to maintain ISO 27001 compliance, and enhancing policy and procedure documentation.
Responsibilities
- Update and maintain the firm's risk management program and risk register; document risk exception and risk acceptances in accordance with defined policies and procedures
- Facilitate examinations by security assessors and auditors for compliance obligations, such as ISO 27001, and other external requirements
- Support the firm's third party risk management program, including vendor assessments and review of contractual security requirements
- Track and drive the remediation of findings from assessment and audit activities
- Update and review security policies and procedures
- Develop and enhance security awareness and training materials and activities
- Perform access reviews across key logical and physical systems within the organization
- Respond to tickets and alerts escalated to the GRC team
- Work closely with security operations and architecture teams to align and improve information security practices
Qualifications
- Minimum of two (2) years of experience within the GRC domain, such as audit, risk management, and security policy management
- High School Diploma/GED required; Bachelor's Degree in Cybersecurity, Management Information Systems, Information Technology, or related field desired (relevant work experience may be considered in lieu of a degree)
- Familiarity with industry frameworks, such as ISO 27001, NIST 800-53, or NIST CSF strongly preferred
- Professional security certifications (e.g., CISSP, CISA, CRISC, etc.) a plus
- Strong communication and relationship building skills; ability to articulate complex security concepts to both technical and non-technical audiences required

Foley offers a comprehensive benefit program which currently includes Paid Time Off; Paid Holidays; Medical, Dental and Vision insurance; 401(k) Retirement; Disability and Life insurance; Adoption Assistance; Backup Care for Dependents.

Foley and Lardner LLP is a top ranked law firm with offices throughout the United States and abroad. At Foley we strive to remain true to our core values: our clients, integrity, our people, citizenship, diversity, trust and respect, stewardship and accountability and professional satisfaction. As a result, we offer the highest quality legal counsel to our clients, as well as outstanding professional opportunities for our employees.
Foley employees enjoy a comfortable, yet professional work environment, exceptional benefit package, state-of-the-art technology, work/life balance, great working relationships and much more.
We invite you to consider a career with Foley.
Affirmative Action/Equal Opportunity Employer/M/F/Vet/Disabled.