Information Security Analyst
Sidley Austin LLP 17 reviews - Chicago, IL

This job posting is no longer available on CareerBuilder. Find similar jobs:Information Security Analyst jobs - Sidley Austin jobs

Introduction to Sidley: Sidley Austin LLP is one of the worlds largest full-service law firms, practicing in 18 U.S. and international cities and for the second straight year, Sidley Austin LLP was selected as one of Chicagos Top Workplaces and featured on the Chicago Tribunes annual Top 100 Workplaces list.In addition to being a professionally and personally rewarding workplace, we offer a competitive salary along with a comprehensive benefits package. Our benefits include a generous combined leave program, performance and year-end bonuses, medical and dental plans, 401(k) and retirement plans, and a public transportation benefit. Summary: Information Security Analyst will provide support for the Architecture and Risk Management functions of the IT Security department. This will include but is not limited to completing risk assessments of new technologies being deployed to the environment, tracking the remediation progress of identified risks, working with automated vulnerability scanning solutions to identify known vulnerabilities, and researching potential vulnerabilities identified to determine remediation or mitigation steps. This position will also engage internal IT departments to provide security-level consulting including business requirements analysis, network and system security requirements analysis and vendor product reviews. The Information Security Analyst will also support the evaluation of technical control effectiveness, identifying emerging technologies, and management of the security technology lifecycle management.Essential Duties and Responsibilities: Support risk management program used for both internal risk assessment and security solution/asset prioritizationComplete reoccurring risk assessments across IT owned and managed systems/solutionsSupport initiatives to determine and document compliance to Firm, client, and regulatory expectationsPerform maintenance tasks associated with the automated vulnerability scanner and configuration compliance solutions as requiredGenerate reports and review findings from vulnerability scanner and configuration compliance solutions with appropriate contacts to prioritize remediation efforts associated with identified vulnerabilities and track those efforts based on defined processesGenerate metrics reports on defined basis to track overall remediation of vulnerabilities and compliance to defined standardsCommunicating risks based on threat and vulnerability observations clearly to leaders and subject matter expertsSecurity Event and Monitoring and Incident ResponseConsult on projects to assess risk & to ensure the information security requirements are included in the project and aligned to business requirementsSupporting the maintenance of the enterprise strategy and architecture for information security services, mechanisms and safeguardsMaintaining job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
Qualification Requirements: To perform this job successfully, an individual must be able to perform each Essential Duty and Responsibility (the Essential Duties') satisfactorily. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the Essential Duties.Education and/or Experience: Required: Bachelor's degree in Infrastructure Assurance, Information Systems, or Computer Science preferred or equivalent experienceA minimum of 2 years experience in the field of IT Security, Information Assurance, or IT AuditingDemonstrated experience and expertise in one or more of the following areas: computer penetrating testing, web security assessments, vulnerability scanning solutions, risk assessmentsAbility to work on weekends and after-hours as necessary, especially during security incidents and emergenciesAbility to assess risk factors and advise on vulnerability of an attack from a variety of sourcesFamiliarity with IT Security services such as encryption, authentication, and intrusion detection as well as the principles of confidentiality, availability and integrity Ability to analyze and identify IT-related risksPreferred: Working knowledge ISO 27001/27002Working knowledge of IT management frameworks such as Control Objectives for Information and Related Technology (COBIT) and/or Information Technology Infrastructure Library (ITIL)At least one of the following certifications: Systems Security Certified Practitioner, Cisco Certified Security Professional, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Information Systems Manager (CISM)Other Skills and Abilities: In addition to the above, the following may also be required of the successful candidate: Excellent organizational skillsExcellent attention to detailThe use of good judgment and good interpersonal communication skillsWell developed analytical and problem solving skillsWorks harmoniously and effectively with others as part of a teamA self-starter who desires to show ownership andcommitment to the jobExercises confidentiality, integrity, and discretion

About this company
17 reviews
Sidley Austin LLP is a premier law firm with a practice highly attuned to the ever-changing international landscape. With 1,900 lawyers...