Kutak Rock LLP is a national law firm of more than 500 lawyers with offices from coast to coast. Our firm serves local, regional and national clients in a practice that spans a wide range of disciplines. The firm is seeking a team-oriented self-starter to join our national IT Department as an Information Security Risk Analyst. This position reports directly to the Director of Cybersecurity and serves in a supporting role to the Information Security Management Team (ISMT). Other responsibilities will include assisting in the implementation of the Information Security Management System, particularly in areas that involve responding to client audits, managing vendor relationships, and ensuring that requirements are adequately documented and being met internally and externally.
- Work with vendor relationship managers to gather information and document the services that will be provided, identify the inherent risks involved, determine what risks need to be mitigated, and track how those risks are being managed by the vendor or the Firm
- Review vendor assessment responses and provide risk assessments and recommendations to the Director of Cybersecurity and ISMT
- Identify, create, implement, and maintain assessment tools and processes for performing information security risk assessments of new and existing vendors
- Assist relationship attorneys or staff responsible for vendor relationships in ensuring vendor-associated risks are addressed in accordance with the Firm’s Risk Management requirements
- Respond to requests for information from the ISMT and other support personnel for use in meeting audit requirements or filling other requests for information about the Firm’s vendor risk management program
- Maintain documentation of all activities performed in the risk assessment process
- Coordinate assessment and approval workflows to meet dynamic business requirements and deadlines
Requirements and Qualifications:
- Understanding and experience working within the ISO 27001 framework and controls
- Familiarity with a variety of information security and governance frameworks such as PCI, COBIT, NIST, SOC, CIS, etc.
- Broad knowledge of current security technologies, methods, and concepts
- Experience in identifying risk and implementing risk management controls
- Demonstrated ability to work unsupervised and meet deadlines while working on multiple projects with competing priorities
- Critical reasoning skills to be able to assess compliance with non-prescriptive requirements and offer a clear explanation as to why a requirement has or has not been met
- Ability to recognize and understand the value in alternative strategies and approaches to solving problems
- Excellent written and verbal communication skills with an attention to detail
- Ability to gather information from individuals and groups using a variety of methods including face-to-face, phone conversations, conference calls, and email
- Bachelor’s degree in Information Systems, Cybersecurity, or related field preferred
No recruiter calls at this time.
Kutak Rock LLP is an Equal Opportunity/Affirmative Action Employer committed to sustaining a culturally and ethnically diverse working environment and to principles that promote inclusive practices. All qualified applicants receive consideration for employment without regard to race, color, creed, ancestry, national origin, religion, sex, age, marital status, domestic partner status, pregnancy, caregiver status, gender stereotyping, sexual orientation, gender identity, genetic information, AIDS/HIV status, handicap or disability, or status as a Vietnam era or special disabled veteran, or any other legally protected category. The firm will provide reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans’ Readjustment Assistance Act of 1974, and Title I of the Americans with Disabilities Act of 1990. Applicants requiring accommodation in the job application process should contact the Human Resources Department at 402-346-6000 or by emailing HRDepartment@KutakRock.com.
Kutak Rock LLP does not accept unsolicited referrals or resumes through our website from any source other than directly from candidates. We will not consider unsolicited referrals and/or resumes from vendors through our website including and without limitation, search firms, staffing agencies, fee-based referral services and recruiting agencies. Unsolicited referrals and resumes sent to Kutak Rock LLP are deemed gratuitous, and the firm will not be obligated or bound in any way to pay any referral or other fee if a person referred to us through our website is hired from a source other than from the candidate.