Overview

Foley & Lardner LLP is a great place to work because of what we do and how we do it.
Here, your unique perspectives, experiences, and abilities will be embraced and developed, so you can excel.
Being a part of Foley means having the opportunities and resources necessary to gain experience, advance professional goals, and forge meaningful connections.
It's a place where you can build your career and enjoy professionally satisfying work.
We have over 2,300 people who are #HappyatFoley, and we think you will be too.
Foley & Lardner LLP is currently seeking a Senior Manager, Information Security GRC to join our team.
The right candidate will lead efforts to identify, assess, and manage Information Security risk across the firm's information and technology environment.
This individual is responsible for assessing risk and control effectiveness based on industry standards in order to drive Information Security compliance, prioritization, and program planning to effectively manage risk while enabling the firm's attorneys to provide effective and secure client service.
This individual is responsible for operating the risk management and audit program - leading efforts to plan, test, evaluate, document, remediate, and improve IT and security control effectiveness and maturity.
This individual will collaborate with stakeholders from Information Technology and Information Security architecture and operations teams to translate risk into a strategic and operational roadmap for the Information Security program.
The Senior Manager will also be the primary liaison with key stakeholders, third-parties, and clients to coordinate internal and external security reviews and reporting.
They will maintain compliance with third-party security controls, and provide subject matter expertise and independent validation of program health and metrics to senior leadership.
The ideal Senior Manager will have proven and demonstrated leadership skills including relationship-building and collaboration skills with clear ability to influence, gain buy-in and negotiate with a diverse group of key business partners/stakeholders, including senior management.

Responsibilities

- Conduct risk and standards-based Information Security risk assessments and IT/Security audits
- Assess control effectiveness and associated Information Security capability maturity to drive strategic and operational prioritization for Information Security and Information Technology
- Establish audit work programs to effectively evaluate IT operations, based on best practices, regulatory requirements, and the operating environment
- Review IT and Security systems, processes, documentation, and tools to make an assessment of the firm's information technologies and business systems activities to determine operating effectiveness, risk assessment, appropriateness of testing activities in order to achieve established objectives
- Maintain compliance to industry standards and certifications such as ISO 27001.
- Conduct reviews and special projects to verify that IT system controls are adequate and operating effectively
- Develop recommendations for security controls and processes
- Maintain up-to-date reports to satisfy third-party security requirements
- Design and enhance all IT audit efforts, specifically audit methodology and techniques, pursuant to firm and professional standards such as COBIT
- Produce a high-quality end-product that clearly documents the audit work performed while adhering to schedules and deadlines
- Make oral or written presentations to management to highlight noted deficiencies and recommended corrective action to improve internal operations and reduce costs
- Participate in appraising adequacy of corrective actions taken by management to improve the reported deficient conditions
- Review, document, evaluate, and test business processes and/or manual and automated technology controls in the IT environment
- Develop and implement testing methodologies for business processes (including Business Continuity and Disaster Recovery) and/or availability, integrity, and confidentiality in the IT environment
- Comply with the firm's Professional Responsibilities and ethical standards
- Perform other duties as assigned including:
  - Responding to Requests for Information ("RFIs") from customers
  - Supporting the Information Security team with physical security tasks, as assigned

Qualifications

- Bachelor's degree required; Degree in IT, Information Security, Computer Science, Business, Finance, or related field preferred
- CISSP, CISA, CRISC, CISM or similar certifications preferred
- Minimum of ten (10) years of increasingly substantive roles in information security and risk management or information technology required
- Minimum of five (5) years of experience in information security required; experience in governance, risk, and compliance strongly preferred
- Prior people management experience required
- Direct experience and/or management of information security systems, tools, and operational functions required
- Demonstrated experience in testing, evaluating, and documenting IT controls for compliance required
- Information systems internal audit experience at a mid or larger size company strongly preferred
- Strong familiarity with IT auditing techniques, COBIT, ISO 27001, NIST 800-53 or equivalent framework
- Solid understanding of assessing and designing internal controls in an enterprise-level environment
- High level of familiarity with various data privacy, security and compliance regulations across multiple jurisdictions
- Experience managing complex projects to completion

#LI-Hybrid

Pursuant to the Colorado Equal Pay for Equal Work Act and Illinois Equity Pay Act, the salary range for this Denver or Chicago based position is between $157,500 - $256,900.
Pursuant to the Washington DC Pay Transparency Law, the salary range for this Washington DC based position is between $171,800 - $280,400.
These figures represent the full compensation range of this position.
The actual offered amount will be determined based on the following factors: education, experience, geographic market, and internal pay equity at Foley.
We are accepting ongoing applications.