Apply for this job now

Information Security Risk Analyst

Milwaukee, Wisconsin
Job Type
6 Sep 2022

Foley & Lardner LLP is looking for an Information Security Risk Analyst to join our Information Security team. The right candidate will drive efforts to maintain a secure operating environment in compliance with internal and external requirements. The Security Analyst will be responsible for identifying, assessing, tracking, and driving remediation of Information Security risk within the organization. This individual will work in a team environment and liaise between Security, Technology and the business to achieve these goals.This may include, but is not limited to, responding to client security inquiries and questionnaires, performing risk assessments against specific technologies, performing third party risk management activities, developing and supporting security awareness and training initiatives, assisting in efforts to maintain ISO27001 compliance, performing contract review, ensuring access is provisioned properly to systems and data and enhancing policy and procedure documentation.

  • Update and review Information Security policies and procedures
  • Operate the firms third-party risk management program
  • Respond to assessment and audit requests from clients
  • Review information security requirements for both new and existing contractual agreements with outside parties
  • Review contractual agreements with new, current, and prospective clients
  • Update and maintain the firms risk management program and risk register
  • Document risk exception and risk acceptances in accordance with defined policies and procedures
  • Review and enhance Technology and Security systems, processes, and tools to identify, track, and reduce risk within the firm
  • Assist in vulnerability scanning and remediation activities across the firm
  • Assist in developing secure baselines and standards and performing configuration management scanning against these baselines
  • Collaborate with security architecture to ensure solutions are implemented in a secure and resilient manner
  • Work with outside partners and internal stakeholders to enhance identity and access management practices through process engineering and tool implementation
  • Assist in planning for and performing internal audits
  • Facilitate ISO surveillance audits, recertification activities, penetration testing activity and internal ISO assessments
  • Assist in tracking and remediating findings from penetration tests and other risk assessments/audit activities
  • Develop and enhance security awareness and training materials
  • Manage and operate the firms phishing simulation and awareness program
  • Perform access reviews across key logical and physical systems within the organization
  • Bachelor's DegreeinManagement Information Systems, Information Technology, Computer Science, or related field
  • Minimum of two (2) years of increasingly substantive roles in Information Security governance, risk, and compliance
  • Familiarity with at least one of the following industry frameworks: COBIT, ISO 27001, NIST 800-53, NIST CSF, or equivalent framework.
  • CISSP, CISA, CRISC, CISM or similar certifications preferred
  • Working knowledge of risk management and audit principles
  • Knowledge of basic networking principles (e.g., DNS, DHCP, TCP, ACLs, etc.)
  • Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys, etc.), triage and remediation
  • Foundational knowledge in Azure or cloud deployment, configuration, and security principles
  • Understanding and familiarity with security principles within Microsoft Office 365 suite
  • Familiarity with windows server hardening practices and Group Policy based configuration
  • Knowledge of identity access management principles and familiarity in working with Identity Governance and Administration tools
  • Proven and demonstrated leadership skills including relationship-building and collaboration skills with clear ability to influence, gain buy-in and negotiate with a diverse group of key business partners/stakeholders including senior management
  • Ability to work in a fast-paced, agile, and dynamic team environment
  • Ability to drive decision making through a consensus building approach

Apply for this job now


  • Job Reference: 705443395-2
  • Date Posted: 6 September 2022
  • Recruiter: Foley & Lardner LLP
  • Location: Milwaukee, Wisconsin
  • Salary: On Application
  • Sector: Government & Defence
  • Job Type: Permanent