We have an opening for a Cyber Security Controls Specialist in our Washington, DC Office.
The Cyber Security Controls Specialist will lead or support the analysis, development, implementation and maintenance of the Firm’s information security (InfoSec) standards, guidelines, processes and associated documents based on NIST, ISO, and COBIT standards. This role will support the assessment of cyber risk and identify appropriate controls and protocols to reduce or manage those risks.
In this capacity, the Cyber Security Controls Specialist will:
- Contribute to analyzing, defining, creating, implementing and socializing security related processes and procedures and relevant documents;
- Identify potential or actual gaps in the information security program based on information security standards (CSF, NIST, ISO) and communicate information as directed;
- Manage the process portfolio, including the monitoring of standards, guidelines and processes to verify alignment to Firm and Client InfoSec requirements;
- Support the definition and maintenance of InfoSec measures and metrics;
- Collaborate with the InfoSec team and other InfoSec stakeholders as appropriate, including the provision of guidance regarding InfoSec standards, guidelines and processes;
- Assist with the creation and maintenance of the InfoSec risk register and associated mitigations or POAM activities; and
- Handle additional related projects as assigned.
In addition, the Cyber Security Controls Specialist will be expected to have:
- Understanding of the technology and operational risks as related to internal technology solutions;
- Awareness of current information security standards and developments (CSF, NIST), as well as the emerging cyber threat landscape;
- Working knowledge of existing and new security applications, platforms and architectures;
- Ability to develop and maintain a solid working relationship across the departments; and
- Strong analytical skills.
- At least five years of combined information technology and information security experience;
- Bachelor's degree in Information Security, Information Assurance, Computer Science, Information Systems, or other related field (two years of additional experience may be substituted for two years of college credits);
- CISA, CISM, GSEC, CISSP or other security-related certification preferred;
- Strong understanding of information security concepts and technologies;
- Strong understanding of risk management concepts, frameworks, and methodologies;
- Background in consulting preferred;
- Fundamental knowledge of the operation of law practices; and
- Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.