The Senior Information Security Analyst will drive efforts to identify, assess, and manage Information Security Risk across the firm’s environment. This role will play a pivotal part in shaping Information Security strategy, decision making and the firm’s target state operating model. The Senior Analyst will perform tasks designed to ensure that our information and systems are adequately protected from cyber-attack. This may include but is not limited to: evaluating cloud systems and architecture, assisting in the identification and mitigation of infrastructure vulnerabilities, managing the configuration compliance program, performing risk assessments against specific technologies, performing third party risk management activities, developing and supporting security awareness and training initiatives, assisting in efforts to maintain ISO27001 compliance, performing contract review and facilitating client onboarding, and enhancing policy and procedure documentation.
Responsibilities
- Help establish a defined governance and operating model across the Information Security program
- Develop Information Security strategy and risk mitigation techniques as part of the broader program roadmap
- Provide subject matter expertise and assist in assessing program health and developing quantifiable metrics to support leadership in reporting on and measuring the current state of the environment
- Assist in executive leadership and board reporting activities
- Provide consultation and advice to technology, application, and business owners with respect to securely configuring and managing systems
- Perform security and architecture assessments for new technologies and projects across the environment
- Operate and enhance the firm’s third party risk management program
- Review information security requirements for both new and existing contractual agreements with outside parties
- Review and enhance IT and Security systems, processes, documentation, and tools to identify, track, and reduce risk within the firm
- Manage infrastructure and configuration vulnerabilities, including reporting and risk assessment of identified vulnerabilities
- Develop and enhance security awareness and training materials
- Facilitate ISO surveillance audits, recertification activities, penetration testing activities and internal ISO assessments
- Assist in onboarding new clients, evaluating Outside Counsel Guidelines and other client security requirements to ensure the firm can meet them
Qualifications
- Minimum of four (4) years in increasingly substantive roles in Information Security operations, governance, risk management, and vulnerability management
- Bachelor's Degree in Management Information Systems, Information Technology, Computer Science or related field required
- Strong familiarity with at least one of the following industry frameworks: COBIT, ISO 27001, NIST 800-53, NIST CSF, or equivalent framework
- CISSP, CISA, CRISC, CISM or similar certifications preferred
- Knowledge of basic networking principles (e.g., DNS, DHCP, TCP, ACLs, etc.)
- Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys, etc.), triage and remediation
- Working knowledge of: IDS/IPS, web content filter / proxy, Endpoint Detection & Response tools, logging and monitoring tools, CASB and SIEM solutions
- Strong foundation in AWS / Azure deployment, configuration and security principles
- Understanding and familiarity with security principles within Microsoft Office 365 suite
- Familiarity with various data privacy (e.g., GDPR, CCPA, etc.) frameworks, regulations and laws
- Proven leadership skills, including relationship-building and collaboration, with a clear ability to influence, gain buy-in and negotiate with a diverse group of key business partners and stakeholders, including senior management
- Ability to drive decision making through a consensus building approach