Join our talent network

Security GRC Manager

Job ID: 5424

Updated: Nov 19, 2020

Location: Chicago, IL, United States

Category: Security Governance

Share:

About Kirkland & Ellis

Kirkland & Ellis LLP is a preeminent, full-service law firm with offices around the world and a staff as diverse as the practice areas we support. Our clients range from Fortune 100 companies to medium and small corporations, financial institutions, and private equity firms.  Known for our commitment to excellence, Kirkland strives to provide superior service to our clients as well as our fellow employees. From Information Technology to Human Resources, Paralegal Services to Business Development, Kirkland offers non-attorney professionals challenging careers in a variety of functional areas. Whether starting or growing your career, Kirkland can offer a performance-driven culture filled with bright and innovative teams of co-workers.

Essential Job Functions

POSITION OVERVIEW

The Security GRC Manager is responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position serves in a personnel and progam manager role, subject matter expert, and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC tool management.

The position can be based in Dallas or Chicago; if based in Dallas, there will be limited travel to Chicago.

ESSENTIAL FUNCTIONS

  • Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.
  • Policy management: Lead in the creation and maintenance of security policies, standards, processes and guidelines. Evaluate exception requests and make approval recommendations to management.
  • Security training and awareness: Lead and mature the security awareness and phishing program.  This includes roadmap development, plan, coordinate, measure, and evaluate cyber training / education courses, methods, and techniques based on instructional needs. 
  • Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients.
  • Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting.
  • Governance: Analyze and stay current with regulations that impact information security / privacy program.

Qualifications & Requirements

Education, Work Experience, Skills

  • Bachelor's degree is preferred
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
  • Seven (7) + years of direct experience (Information Security/Governance) is required.
  • Four (4) + years of Information Security experience required. Those containing hands on technical experience are preferred.
  • Four (4) + years of management experience required.
  • Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG is required
  • Strong knowledge of risk management principles and practices is required.
  • Technical writing experience is required. 
  • Business Intelligence/Analytics (Qlik, Tableau) is preferred.
  • Prior IT Security experience in the legal industry experience is preferred.
  • Experience with instructional content, educational writing, and technical writing strongly preferred.
  • Three (3) + years of experience managing timelines and being self-directed preferred.
  • Governance, Risk, and Compliance (GRC) tool management is preferred.
  • Client focus, including tact and diplomacy is required.
  • Interview, gather, and understand content from subject-matter experts
  • Ability to perform as primary Security Subject Matter Expert (SME) in a senior or lead capacity.
  • Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
  • Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm’s security program and controls.
  • Ability to communicate an effective security awareness message throughout the organization.
  • Demonstrate ability to create and maintain security policy, standard, guideline and procedure documents.
  • Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users
  • Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181.

Technologies/Software

  • Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.  
  • Strong knowledge of security administration and role-based security controls.
  • Strong knowledge and use of GRC platforms.
  • Strong knowledge of Access/Identity Management technologies.
  • Strong knowledge of BI/Analytics tools.
  • Knowledge of host and network-based anti-malware technologies.
  • Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
  • Knowledge of client and server firewalling technologies and capabilities.
  • Knowledge of security event management (SIEM), event correlation and analysis technologies.
  • Knowledge of data encryption technologies.
  • Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
  • Knowledge of web filtering and email SPAM prevention techniques.
  • Knowledge of vulnerability assessment and forensic investigations tools.
  • Knowledge of mobile device security and Mobile Device Management solutions. 

Certificates, Licensures, Registrations

  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.

How to Apply

Thank you for your interest in Kirkland & Ellis LLP.  To complete an application and submit your resume, please click "Apply Now."

Equal Employment Opportunity

All employment decisions, including the recruiting, hiring, placement, training availability, promotion, compensation, evaluation, disciplinary actions, and termination of employment (if necessary) are made without regard to the employee’s race, color, creed, religion, sex, pregnancy or childbirth, personal appearance, family responsibilities, sexual orientation or preference, gender identity, political affiliation, source of income, place of residence, national or ethnic origin, ancestry, age, marital status, military veteran status, unfavorable discharge from military service, physical or mental disability, or on any other basis prohibited by applicable law.

Closing Statement

The www.kirkland.com job postings and recruiting mailbox are for candidates only. If you are a recruiter, search firm or employment agency, and do not have a signed contract with Kirkland & Ellis LLP ("K&E") and have not been asked specifically to submit candidates, you will not be compensated in any way for your referral of a candidate even if K&E hires the candidate. Direct contact with K&E employees in an attempt to present candidates is inappropriate and will be a factor in determining any future professional relationship with the Firm.