Sidley Austin LLP

  • Information Security Analyst

    Recruiting Location US-IL-Chicago
    Department
    Information Technology
  • Summary

    The Information Security Analyst is a member of the IT Security team and works closely with other IT teams and business stakeholders in the development and automation of core functions supporting the Information Security program.

     

    The Information Security Analyst works to support the continued maturity of the GRC program through the development and compliance of IT Security policies and procedures and Security Awareness training.  He/she will also support GRC Audit deliverables and respond to client related security inquiries.

    Duties and Responsibilities

    • Support client needs by providing thorough and timely responses to security inquires, questionnaires, participation in onsite and virtual audits and risk remediation.
    • Support the GRC program through service delivery of operational activities and related functions to include but not limited to vendor management, security awareness, audit and compliance and exception management.
    • Provide input and analysis in the development and deployment of IT Security service deliverables to include but not limited to policy and procedures, risk assessment and control evaluation, security awareness and training, exception management and risk remediation.
    • Provide platform administration of GRC related solutions, as required and develop/ maintain system documentation supporting usage of third party solutions in the delivery of vendor management, security awareness training and phishing campaigns. 
    • Liaise with IT and business partners to provide guidance for compliance to established IT security policies and procedures, communication of security requirements and tracking and reporting of compliance status.
    • Maintain dashboards and reporting of respective service deliverables for inclusion in monthly metrics. 
    • Liaise with IT and Business Risk Owners in the management of risk treatment/acceptance plans to include creation, tracking, closure and reporting of compliance status within GRC platform. 
    • Liaise with IT and Business Risk Owners in the management of risk treatment/acceptance plans for related security risks and work within the information security governance process to define control recommendations that are both efficient and effective.
    • Participate and contribute to information security working groups and team meetings.
    • Maintain documentation of client interactions, risk assessments and IT Security Polices and supporting procedures within document management system. 
    • Other duties as needed.

    Qualifications

    To perform this job successfully, an individual must be able to perform the Duties and Responsibilities (Duties) above satisfactorily and meet the requirements below. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job. If you need such an accommodation, please email staffrecruiting@sidley.com (current employees should contact Human Resources).

     

    Education and/or Experience:

    Required:

    • Bachelor’s degree or equivalent combination of education and/or experience 
    • A minimum of 3 years experience in the field of IT Security, Information Assurance or Security Awareness program development
    • Strong analytical skills

     

    Preferred:

    • CISSP certification, CISA certification
    • Understanding of Control Standard Frameworks such as ISO 27001, ISF Standard of Good Practice for Information Security, etc.
    • Strong technical writing and system documentation experience (e.g. System Configuration, Design and Requirements Specifications, etc.)
    • Programing skills

     

    Other Skills and Abilities:

    • The following will also be required of the successful candidate:
    • Strong organizational skills
    • Strong attention to detail
    • Good judgment
    • Strong interpersonal communication skills
    • Strong analytical and problem solving skills
    • Able to work harmoniously and effectively with others
    • Able to preserve confidentiality and exercise discretion
    • Able to work under pressure
    • Able to manage multiple projects with competing deadlines and priorities

    Sidley Austin LLP is an Equal Opportunity/Affirmative Action Employer.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed