Foley & Lardner LLP

Information Security GRC Manager

Foley & Lardner LLP, Dallas, Texas, United States, 75215



Location: US-IL-Chicago | US-WI-Milwaukee | US-TX-Dallas | US-FL-Tampa
ID: 2024-3203
Category: Information Technology/Security
Type: Regular Full-Time
FLSA Status: Exempt
Scheduled Hours: 40+
Workplace: Hybrid

Overview

Foley & Lardner LLP is currently seeking a Manager, Information Security GRC to join our team. The right candidate will lead efforts to identify, assess, and manage Information Security risk across the firm's information and technology environment. This individual is responsible for assessing risk and control effectiveness based on industry standards in order to drive Information Security compliance, prioritization, and program planning to effectively manage risk while enabling the firm's attorneys to provide effective and secure client service.

This individual is responsible for operating the risk management and audit program, leading efforts to plan, test, evaluate, document, remediate, and improve IT and security control effectiveness and maturity. This individual will collaborate with stakeholders from Information Technology and Information Security architecture and operations teams to translate risk into a strategic and operational roadmap for the Information Security program.

The Manager will also be the primary liaison with key stakeholders, third parties, and clients to coordinate internal and external security reviews and reporting. They will maintain compliance with third-party security controls, and provide subject matter expertise and independent validation of program health and metrics to senior leadership.

The ideal Manager will have proven and demonstrated leadership skills, including relationship-building and collaboration skills, with a clear ability to influence, gain buy-in, and negotiate with a diverse group of key business partners/stakeholders, including senior management.

Responsibilities

- Conduct risk and standards-based Information Security risk assessments and IT/Security audits.
- Assess control effectiveness and associated Information Security capability maturity to drive strategic and operational prioritization for Information Security and Information Technology.
- Establish audit work programs to effectively evaluate IT operations, based on best practices, regulatory requirements, and the operating environment.
- Review IT and Security systems, processes, documentation, and tools to assess the firm's information technologies and business systems activities, determining operating effectiveness, risk, and the appropriateness of testing activities in order to achieve established objectives.
- Maintain compliance with industry standards and certifications such as ISO 27001.
- Conduct reviews and special projects to verify that IT system controls are adequate and operating effectively.
- Develop recommendations for security controls and processes.
- Maintain up-to-date reports to satisfy third-party security requirements.
- Design and enhance all IT audit efforts, specifically audit methodology and techniques, pursuant to firm and professional standards such as COBIT.
- Produce a high-quality end product that clearly documents the audit work performed while adhering to schedules and deadlines.
- Make oral or written presentations to management to highlight noted deficiencies and recommended corrective action to improve internal operations and reduce costs.
- Participate in appraising the adequacy of corrective actions taken by management to improve the reported deficient conditions.
- Review, document, evaluate, and test business processes and/or manual and automated technology controls in the IT environment.
- Develop and implement testing methodologies for business processes (including Business Continuity and Disaster Recovery) and/or availability, integrity, and confidentiality in the IT environment.
- Comply with the firm's Professional Responsibilities and ethical standards.
- Perform other duties as assigned, including:
  - Responding to Requests for Information ("RFIs") from customers.
  - Supporting the Information Security team with physical security tasks, as assigned.

Qualifications

- Bachelor's degree required; degree in IT, Information Security, Computer Science, Business, Finance, or related field preferred.
- CISSP, CISA, CRISC, CISM, or similar certifications preferred.
- Minimum of five (5) years of increasingly substantive roles in information security and risk management required.
- Prior people management experience strongly desired.
- Direct experience with and/or management of information security systems, tools, and operational functions required.
- Demonstrated experience in testing, evaluating, and documenting IT controls for compliance required.
- Information systems internal audit experience at a mid-size or larger company strongly preferred.
- Strong familiarity with IT auditing techniques, COBIT, ISO 27001, NIST 800-53, or an equivalent framework.
- Solid understanding of assessing and designing internal controls in an enterprise-level environment.
- High level of familiarity with various data privacy, security, and compliance regulations across multiple jurisdictions.
- Experience managing complex projects to completion.

Foley & Lardner LLP is a top-ranked law firm with offices throughout the United States and abroad. At Foley we strive to remain true to our core values: our clients, integrity, our people, citizenship, diversity, trust & respect, stewardship & accountability, and professional satisfaction. As a result, we offer the highest quality legal counsel to our clients, as well as outstanding professional opportunities for our employees. Foley employees enjoy a comfortable yet professional work environment, an exceptional benefit package, state-of-the-art technology, work/life balance, great working relationships, and much more. We invite you to consider a career with Foley.
