Join our talent network

Security GRC Specialist I

Job ID: 7112

Updated: May 3, 2023

Location: Austin, TX, United States

Category: Security Governance


About Kirkland & Ellis

At Kirkland & Ellis, we are united in our ambition and drive to move forward. We share core values that help us achieve excellence: collaboration, talent empowerment, service, inclusion, respect and gratitude. Our people are our greatest asset, and we invest in the brightest talent and encourage a diversity of perspectives and strengths to create dynamic teams that operate at the pinnacle of their field. Our talented professionals show up every day knowing they will engage in meaningful work, continuous learning and professional development.
As one of the world’s leading law firms, we serve a broad range of clients with market-leading practices in private equity, M&A and other complex corporate transactions; investment fund formation and management; restructurings; high-stakes litigation and trials; and government, regulatory and internal investigations. We handle the most complicated and sophisticated legal matters because we don’t just meet industry standards, we create them. We bring innovation and entrepreneurialism to every engagement and, as a result, have long-standing client relationships with leading global corporations and financial sponsors. With 6,500 employees (including 3,500+ lawyers) operating from 19 offices across the United States, Europe and Asia, we are one of the largest law firms in the world and a top financial performer.

Essential Job Functions

The Security GRC Specialist I serves on the Governance, Risk Compliance (GRC) team, provides subject matter expertise for Information Security (consulting to technical and non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include lifecycle management of client responses, Vendor Risk program management, policy and standards lifecycle management, and GRC platform and program management.

Essential Functions: 

  • Manage and support GRC technology and Security Governance solutions. Create and maintain system, procedural and support documentation.
  • Manage and support external assessments of internal security controls, ISO certification and SOC audits.
  • Manage and support the 3rd Party Security Vendor Risk Management program and lifecycle. Including document and perform Risk Assessments for third parties (e.g., vendors and service providers). Respond to security assessments, questionnaires and audits from clients and third-party business partners.
  • Create and maintain security policies, standards, processes, and guidelines for approval by Firm management. Evaluate exception requests and make approval recommendations to management.
  • Security Awareness support assisting in coordination of the program, including development of awareness content, scheduling of awareness activities and measuring progress of the program.
  • GRC tool management: Administration, Engineering, or both.
  • Serve as a subject matter expert for Information Security, consulting to technical management (serving on project teams, discussing application and systems architectures, etc.), non-technical management (educating the user community on information security) and attorneys (e.g., litigation-related technical education) as necessary.
  • Support of Assessment results management including GRC tool administration for tracking, remediation follow-up, and compiling risk and exception metrics for senior leadership.
  • Assist in ISO management including monitoring of risk metrics, reporting data, notes, and management of documentation.

Qualifications & Requirements

Education, Work Experience, Skills:

  • Bachelor's degree and/or three (3) years of work experience in IT Security is required.
  • Experience in technical auditing and control assessment.
  • Experience in organization and problem-solving skills.
  • Experience in project and time management skills.
  • Experience in technical writing experience such as with creating policies, instructional content, educational writing, and technical writing.
  • Strong reading comprehension skills.
  • Strong analytical ability with excellent written and verbal communication skills.
  • Strong PC skills with Microsoft (i.e. Word, Excel, PowerPoint).
  • Client focus, including tact and diplomacy.
  • Interview, gather, and understand content from subject-matter experts.
  • Maintain accurate records and manage client security and risk requests.
  • Ability to work independently and as a group member.
  • Ability to perform as Security Subject Matter Expert (SME) in at least one GRC capability.
  • Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
  • Ability to manage SharePoint administration is preferred for team intranet site management.
  • Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents.
  • Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management, and non-technical users.
  • Demonstrates the ability to communicate succinctly and effectively.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
  • Experience with Security frameworks such as ISO 27001, NIST 800-53/63b, AICPA SOC is required
  • Prior IT Security experience in the legal industry experience is preferred.
  • Experience with hands on technical experience are preferred.
  • One or more years of experience managing timelines and being self-directed preferred.
  • Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.


  • Expert level knowledge of at least one Security technology (such as: DLP, Access Control, Privileged Access Management, IPS/IDS, SIEM, Firewall, AV, Cloud, host and network-based anti-malware, client and server firewalling, data encryption, web filtering and email SPAM prevention, vulnerability assessment and forensic investigations, mobile device security and Mobile Device Management)
  • Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.  
  • Knowledge of risk management principles and practices.
  • Knowledge of security administration and role-based security controls.
  • Capability to facilitate diverse and/or multiple projects to integrate them into business solutions.

Certificates, Licensures, Registrations:

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.


  • For most positions, the below description will suffice. Please discuss with HR if you think you have a position where the below will not be applicable.
  • “This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, and filing cabinets.”

How to Apply

Thank you for your interest in Kirkland & Ellis LLP.  To complete an application and submit your resume, please click "Apply Now."

Equal Employment Opportunity

All employment decisions, including the recruiting, hiring, placement, training availability, promotion, compensation, evaluation, disciplinary actions, and termination of employment (if necessary) are made without regard to the employee’s race, color, creed, religion, sex, pregnancy or childbirth, personal appearance, family responsibilities, sexual orientation or preference, gender identity, political affiliation, source of income, place of residence, national or ethnic origin, ancestry, age, marital status, military veteran status, unfavorable discharge from military service, physical or mental disability, or on any other basis prohibited by applicable law.

Closing Statement

The job postings and recruiting mailbox are for candidates only. If you are a recruiter, search firm or employment agency, and do not have a signed contract with Kirkland & Ellis LLP ("K&E") and have not been asked specifically to submit candidates, you will not be compensated in any way for your referral of a candidate even if K&E hires the candidate. Direct contact with K&E employees in an attempt to present candidates is inappropriate and will be a factor in determining any future professional relationship with the Firm. #LI-Hybrid #LI-LC1