About Kirkland & Ellis
Kirkland & Ellis LLP is a preeminent, full-service law firm with offices around the world and a staff as diverse as the practice areas we support. Our clients range from Fortune 100 companies to medium and small corporations, financial institutions, and private equity firms. Known for our commitment to excellence, Kirkland strives to provide superior service to our clients as well as our fellow employees. From Information Technology to Human Resources, Paralegal Services to Business Development, Kirkland offers non-attorney professionals challenging careers in a variety of functional areas. Whether starting or growing your career, Kirkland can offer a performance-driven culture filled with bright and innovative teams of co-workers.
Essential Job Functions
The Security GRC Specialist III serves on the Governance, Risk and Compliance (GRC) team, leads the programs within the GRC team, serves in a mentoring role, acts as a subject matter expert for Information Security (consulting to technical and non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include lifecycle management of client responses, Security Vendor Risk program management, Security Awareness, Policy & Standards lifecycle management, Controls Assurance, and GRC platform and program management.
Summary of Duties:
- Oversee, evaluate, and support the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems meet the organization's cybersecurity and risk requirements. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Consult with customers to gather and evaluate functional requirements. Provide guidance to customers about applicability of information systems to meet business needs.
- Serve as a subject matter expert for Information Security, consulting to technical management, non-technical management, and attorneys as necessary.
- Plan, prepare, and execute tests of systems to evaluate results against specifications and requirements, and analyze and report test results.
- Develop and maintain cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance. Define and participate in long-term strategy and planning for GRC programs.
- Conduct evaluations of an IT program or its individual components to determine compliance with published standards.
- Lead the management and support of the GRC technology and Security Governance solutions. Create and maintain system, procedural and support documentation.
- Manage and support the 3rd Party Security Vendor Risk Management program and lifecycle.
- Document and perform Risk Assessments for third-parties (e.g., vendors and service providers). Respond to security assessments, questionnaires and audits from clients and third-party business partners.
- Lead in the creation and maintenance of security policies, standards, processes and guidelines for approval by Firm management. Evaluate exception requests and make approval recommendations to management.
- Lead and oversee the lifecycle of the Security Awareness program. This includes roadmap development and planning, coordinating, measuring, and evaluating cyber training/education courses, methods, and techniques based on instructional needs.
- Vulnerability Management: collect information on emerging threats including software vulnerabilities. Coordinate triage of and response to vulnerability information. Disseminate this information regularly to firm staff and management as appropriate.
Qualifications & Requirements
Relevant Training and Certifications:
- Preferred candidate will have one or more of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications
- GRC tool management: Administration, Engineering, or both
- Ability to perform as primary Security Subject Matter Expert (SME) in a senior or lead capacity.
- Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
- Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm’s security program and controls.
- Ability to communicate an effective security awareness message throughout the organization.
- Demonstrate ability to create and maintain security policy, standard, guideline and procedure documents.
- Demonstrated ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences, including IT Subject Matter Experts, senior management, and non-technical users.
- Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, and SIG.
- Experience (Administration or Engineering) in GRC platforms
- Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181.
How to Apply
Thank you for your interest in Kirkland & Ellis LLP. To complete an application and submit your resume, please click "Apply Now."
Equal Employment Opportunity
All employment decisions, including the recruiting, hiring, placement, training availability, promotion, compensation, evaluation, disciplinary actions, and termination of employment (if necessary) are made without regard to the employee’s race, color, creed, religion, sex, pregnancy or childbirth, personal appearance, family responsibilities, sexual orientation or preference, gender identity, political affiliation, source of income, place of residence, national or ethnic origin, ancestry, age, marital status, military veteran status, unfavorable discharge from military service, physical or mental disability, or on any other basis prohibited by applicable law.
The www.kirkland.com job postings and recruiting mailbox are for candidates only. If you are a recruiter, search firm or employment agency, and do not have a signed contract with Kirkland & Ellis LLP ("K&E") and have not been asked specifically to submit candidates, you will not be compensated in any way for your referral of a candidate even if K&E hires the candidate. Direct contact with K&E employees in an attempt to present candidates is inappropriate and will be a factor in determining any future professional relationship with the Firm.