IT Security and Risk Analyst

About The Position

Requirements

• Bachelor's degree or equivalent work experience
• 3-5 years of experience managing risk and supporting client audit engagements
• Knowledge of emerging technology and the security governance implications.
• Demonstrated understanding of security risk management concepts, cyber security frameworks (NIST, ISO, etc.), control standards, secure coding principles, and security technologies.
• Knowledge of information security fundamentals, best practices and industry standards with prior responsibilities of protecting information assets.
• Knowledge of laws, regulations, and requirements related to information security.
• Strong organization and prioritization skills across multiple tasks.
• Commitment to continuous improvement and professional growth.
• Desire to ask questions, analyze, adapt, and make decisions grounded in doing what’s right for our clients and firm stakeholders.

Nice To Haves

• Any of the following certifications: CRISC, CISM, PMP, CISSP, CISA, preferred.

Responsibilities

• Conduct and manage internal risk reviews of new or existing infrastructure and applications.
• Conduct and manage third party risk assessments.
• Assist and manage client audits and ongoing compliance to completion.
• Follow-up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal/external audits to ensure that appropriate remediation measures have been taken.
• Collaborate with control owners and key stakeholders to meet outside counsel guidelines or contractual requirements around information security standards.
• Produce metrics to monitor the completion of control objectives and tracking of deficiencies or gaps in program requirements.
• Provide consulting to internal projects and efforts on security requirements and potential risks.
• Propose changes to existing policies, standards, and procedures to minimize risk and ensure compliance to client and applicable regulatory requirements.
• Assist with Security Awareness initiatives.
• Maintain an up-to-date understanding of industry best practices, and monitor the legal and regulatory environment for developments that could require changes to established policies, standards, and practices.

Benefits

• Seyfarth provides competitive salary and benefits at all levels, and our culture embraces the entrepreneurial spirit of its professionals like no other firm.
• We offer a comprehensive package of benefits including paid time off, medical/dental/vision insurance, and 401(k).