View all jobs

Information Security/GRC Specialist

New York City, NY

Top law firm is in need of an Information Security/GRC Specialist that can perform three core functions for the company. The first will prominently include the execution of any customer and vulnerability audits, request for proposals, and assessments. The second is coordinating and moving the company's security program forward through policy, architecture, and internal training processes. Additional responsibilities will include participating in the selection of appropriate security solutions and overseeing the day-to-day operations of the in-place security solutions, such as the creation and/or maintenance of policies, standards, baselines, guidelines and procedures necessary to mature the company's overall security posture.

The Position
The Information Security/GRC Specialist is expected to interface with peers across all IT departments, IT management, and representatives of the business to share the corporate security vision and to solicit their involvement in achieving higher levels of cyber security through information sharing and co-operation. 

  • Bachelor's degree from an accredited university in CS, IT, CIS, or a computer related field
  • CISSP, GIAC, CEH, Security+ or related security certifications highly preferred
  • Experience with Financial Firms, Banks, and Insurance Companies a plus
  • Min. of four (4) years' experience as an information security professional with advanced experience developing, documenting, and driving adoption of information security standards and procedures
  • Min. of two (2) years of advanced knowledge of security standards and frameworks 
  • Min. of two (2) years of experience implementing and executing security incident response
  • Qualified applicants should have current experience across a broad spectrum of data security disciplines. Including Microsoft networking solutions and infrastructure and intrusion detection and prevention
  • Strong background with firewall products, intrusion detection systems, DMZ, IPSec, DNS, SMTP, HTTP proxies, etc. 
  • Knowledge of security best practices across multiple platforms, such as Microsoft Windows, VMWare, and Cisco IOS
  • Knowledge of public-key cryptography, understanding of encoding, encryption, and hashing techniques
  • Exceptional customer service, verbal and written communication skills are required
  • Must have strong leadership skills, providing project leadership as needed
  • Candidate should be able to effectively interact with all levels of staff and executive C-level management
  • The ability to work in a team or work independently on complex tasks with minimal technical and management guidance is required

  • Provide information security and cyber security analysis and best practice recommendations for hardware, operating systems, networks, software, databases, staffing, data center, and physical office space security
  • Conducts incident prevention, detection, containment, eradication and recovery across IT systems, including developing processes, monitoring events, responding to incidents, summarizing and reporting findings
  • Provides primary point of contact for responses to Client Proposals, Requests for Information and periodic Client IT Audits
  • Creates Firm-wide policies and procedures documentation as needed (e.g., Information Security, Incident Response, Computer Usage, Security Awareness, Personally identifiable Information, etc.)
  • Provides primary point of contact for external 3rd party information security vendors
  • Analyze and resolve findings from vulnerability scans and penetration tests
  • Conduct user activity audits and perform internal forensic eDiscovery when required
  • Respond to and prepares status reports on security incidents to analyze security risk and response procedures
  • Check server and firewall logs, scrutinizing network traffic, establishing and updating virus scans, and troubleshooting
  • Perform Information Security access and provisioning requests within established Service Level Agreements
  • Administer user systems and data entitlements, across multiple platforms and applications
  • Ensure system access requests are processed with high quality and accuracy
  • Stay abreast of current technologies, developments, security compliance requirements, standards and industry trends
  • Lead and/or participate in special projects as assigned

More Openings
Security Engineer
Senior Citrix Engineer
Share This Job
Powered by