Information Security Governance Support Analyst Position Available In Fulton, Georgia

Tallo's Job Summary: The Information Security Governance Support Analyst position at Alston & Bird LLP involves assessing third-party vendor risks, tracking remediation efforts, and managing continuous monitoring. Responsibilities include developing security awareness education, ensuring compliance, and recommending remediation plans. Candidates should have a strong technical understanding of security concepts, relevant certifications, and experience in risk management.

Company: Alston & Bird LLP
Job: Full-time, Onsite

Job Description

Information Security Governance Support Analyst
Locations: Atlanta
Time type: Full time
Posted on: Posted 2 Days Ago
Job requisition ID: JR100569

THE FIRM

As a leading international law firm, we are dedicated to excellence through impactful communication, collaboration, and community involvement. Our company culture has earned us one of the “100 Best Companies to Work For” for 26 consecutive years. This honor, along with many others, highlights our commitment to innovation and professional development. At Alston & Bird LLP, our foundation is made of trust, reliability, and compassion.

JOB DESCRIPTION

Under the direction of the Data Protection Governance Manager, perform a variety of duties focused on information security governance. This includes assessing new and existing third-party vendor risks, tracking third-party remediation efforts, managing continuous monitoring of third parties, supporting and expanding the third-party risk management program, developing and delivering security awareness education, and other efforts related to maintaining the Firm’s governance, risk, and compliance program.

ESSENTIAL DUTIES

Assist with management of Third-Party Risk.
Conduct comprehensive risk assessments of vendors, focusing on areas such as security measures, and compliance with information security/cyber security frameworks.
Evaluate vendors’ IT and information security systems to identify potential risks and vulnerabilities.
Develop and implement vendor risk management policies and procedures.
Collaborate with procurement and legal teams to ensure vendor contracts include necessary risk mitigation clauses.
Monitor vendors’ performance and compliance with contractual obligations.
Prepare reports, summaries, and metrics on third-party security assessments to stakeholders.
Collect updated vendor assessment responses from existing vendors; review such materials against previously stated responses and/or previously provided evidence and in the context of the current risk environment.
Analyze and interpret third-party security assessment findings and provide recommendations and remediation plans to mitigate identified risks.
Monitor and track third-party risk issues, ensuring timely resolutions and appropriate risk mitigation actions are completed.

Coordinate responses to client security inquiries.
Prepare responses based on details of our technical and policy environment.
Collect and/or prepare evidence, as necessary.
Communicate progress to team members and clients.

Support governance initiatives.
Maintain current knowledge of industry recognized risks and security vulnerabilities as well as current security solutions.
Remain aware of industry standards, compliance and regulation requirements and best practices.
Recommend and/or support certification efforts.
Identify, develop, and document policies and procedures.

Support other initiatives of the Information Security team.
Monitor software installations to ensure compliance with firm policy.
Assist in development and delivery of security awareness training.
Support initiatives and special projects of other teams as required.

Manage and monitor configurations related to Firm policies, client-specific policies and/or product-specific policies.
Identify and recommend enforcement capabilities.
Coordinate establishment of necessary controls.
Manage exceptions and exclusions.

SKILLS NEEDED TO BE SUCCESSFUL

Thorough understanding of governance concepts, approaches, controls, and frameworks.
Strong technical understanding of security concepts, principles, and best practices in areas such as: enterprise IT infrastructure and architecture, operating systems, servers, web applications, endpoint and network security, identity and access management, security protocols, cloud security, cryptography, secure coding, SSDLC, penetration testing, vulnerability management, patch management, SIEM, etc.
Solid understanding of cloud vendors and the varying responsibilities between IaaS, PaaS, SaaS, etc.
Experience with relevant governance frameworks (ISO27000, NIST CSF, etc.)
Familiarity with relevant laws and regulation requirements (HIPAA, state privacy laws, EU privacy, GDPR, etc.).
Experience in compliance, risk assessments, investigations, or other forensic reviews.
Strong professional verbal and written communication skills, explaining technical information to clients, vendors, senior management, and staff (both technical and non-technical) and ability to apply knowledge and deductive reasoning.
Ability to work well in a team (team player) and individually (self-starter)
Ability to multitask and switch focus among multiple different efforts quickly.
Excellent organizational and self-management skills.

EDUCATION & EXPERIENCE

Associate or bachelor’s degree is strongly preferred. Prior technical experience and prior risk, compliance or governance is required. Applicable certification (CISA, Security+, CISSP, CGEIT, etc.) strongly preferred.
2+ years of experience in risk management required. Cross functional experience in IT or information security governance, risk management and compliance (GRC), with a focus on third party risk management and vendor management preferred.
Experience executing and managing cybersecurity assessments in a heavily regulated industry.
Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as ISO 27001, NIST CSF, NIST SP 800-53, GDPR, and other industry-specific regulations.

EQUAL OPPORTUNITY EMPLOYER

Alston & Bird LLP is an Equal Opportunity Employer and does not discriminate on the basis of any status protected under federal, state, or local law. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law on the basis of race, color, religion, sex, age, sexual orientation, gender identity and/or expression, national origin, veteran status or disability in relation to our recruiting, hiring, and promoting practices. The statements contained in this position description are not necessarily all-inclusive, additional duties and responsibilities may be assigned, and requirements may vary from time to time. Professional business references and a background screening will be required for all final applicants selected for a position. If you need assistance or an accommodation due to a disability you may contact garett.bechdolt@alston.com. Alston & Bird is not currently accepting resumes from agencies for this position. If you are a recruiter, search firm, or employment agency, you will not be compensated in any way for your referral of a candidate even if Alston & Bird hires the candidate.
