
Information Security Specialist (GRC)

Foley & Lardner LLP
United States, Colorado, Denver
1400 16th Street Mall
Jul 14, 2025

US-IL-Chicago | US-CO-Denver | US-Washington DC | US-TX-Dallas


ID: 2025-3333
Category: Information Technology/Security
Type: Regular Full-Time
FLSA Status: Exempt
Scheduled Hours: 40+
Workplace: Hybrid



Overview

Foley & Lardner LLP is a great place to work because of what we do and how we do it. Here, your unique perspectives, experiences, and abilities will be embraced and developed, so you can excel. Being a part of Foley means having the opportunities and resources necessary to gain experience, advance professional goals, and forge meaningful connections. It's a place where you can build your career and enjoy professionally satisfying work. We have over 2,300 people who are #HappyatFoley, and we think you will be too.

Foley & Lardner LLP is currently seeking an Information Security Specialist to join our Governance, Risk, and Compliance (GRC) team within our Information Security department. The Specialist will drive efforts to maintain a secure operating environment in compliance with internal and external requirements. They will be responsible for identifying, assessing, tracking, and driving remediation of Information Security risk within the organization. This individual will work in a team environment and liaise between Security, Technology, and the business to achieve these goals. This may include, but is not limited to, responding to client security inquiries and questionnaires, performing risk assessments against specific technologies, performing third-party risk management activities, developing and supporting security awareness and training initiatives, assisting in efforts to maintain ISO 27001 compliance, performing contract review, and enhancing policy and procedure documentation.



Responsibilities

  • Update and review Information Security policies and procedures
  • Assist with the operation of the firm's third-party risk management program
  • Respond to assessment and audit requests from clients
  • Coordinate and respond to internal and external assessment requests
  • Review information security requirements for both new and existing contractual agreements with outside parties
  • Assist with the review of contractual agreements with new, current, and prospective clients
  • Update and maintain the firm's risk management program and risk register
  • Document risk exceptions and risk acceptances in accordance with defined policies and procedures
  • Assist in planning for and performing internal and external audits
  • Assist in tracking and remediating findings from penetration tests and other risk assessments/audit activities
  • Assist with the development of security awareness and training materials
  • Assist with ISO surveillance audits, recertification activities, penetration testing activity and internal ISO assessments


Qualifications

  • High School Diploma or GED required; Bachelor's degree in Management Information Systems, Information Technology, Computer Science, or related field is strongly preferred
  • CISSP, CISA, CRISC, CISM or similar certifications desired
  • Minimum of two (2) years of increasingly substantive roles in Information Security Governance, Risk, and Compliance required
  • Familiarity with at least one (1) of the following industry frameworks: COBIT, ISO 27001, NIST 800-53, NIST CSF, or equivalent framework required
  • Familiarity with information security tools (such as CrowdStrike, ProofPoint, KnowBe4, ZenGRC, Microsoft Defender, etc.) and principles (confidentiality, availability, integrity, least privilege, remediation, security awareness, etc.) required
  • Working knowledge of risk management and audit principles
  • Foundational knowledge in Azure or cloud deployment, configuration, and security principles
  • Understanding and familiarity with security principles within Microsoft Office 365 suite
  • Proven and demonstrated communication skills including relationship-building and collaboration skills

In support of transparency and equity in the workplace, Foley provides salary ranges for all positions. The figures below represent the full compensation range of this position. The actual offered amount will be between the range minimum and midpoint based on the following factors: education, experience, geographic market, and internal pay equity at Foley. We are accepting ongoing applications.
Chicago, Dallas, & Denver - $82,700 to $115,800

Washington D.C. - $90,200 to $126,400


Foley & Lardner LLP is a top-ranked law firm with offices throughout the United States and abroad. At Foley we strive to remain true to our core values: our clients, integrity, our people, citizenship, diversity, trust & respect, stewardship & accountability, and professional satisfaction. As a result, we offer the highest quality legal counsel to our clients, as well as outstanding professional opportunities for our employees.

Foley employees enjoy a comfortable, yet professional work environment, exceptional benefit package, state-of-the-art technology, work/life balance, great working relationships and much more.

We invite you to consider a career with Foley.