Security Risk and Compliance Specialist
Atlanta, GA
Fisher Phillips
Security Risk and Compliance Specialist
(Atlanta, Full-time Hybrid)
Fisher Phillips, a premier international labor and employment law firm, is seeking a skilled and experienced Security Risk and Compliance Specialist to join our team. In this essential role, you will contribute to the seamless operation of our services, providing crucial support to our department in delivering exceptional client service and maintaining our commitment to excellence.
The Security Risk and Compliance Specialist supports the Director of Information Security in managing security-related contractual obligations and compliance requirements. This role ensures organizational compliance with internal policies and is responsible for reviewing contractual commitments against the controls actually in place, assisting with remediation planning, and contributing to security awareness materials. The ideal candidate is an analytical, detail-oriented professional who thrives in a fast-paced environment and is adept at managing risk while enabling business operations. This role is essential to ensuring that compliance requirements are met and that security risks are identified and mitigated in a timely manner.
Key Responsibilities
Contract & Agreement Review:
- Review client and vendor agreements for security and compliance requirements
- Analyze security-related terms to ensure commitments align with firm policies, procedures, and technical capabilities
- Identify and document gaps between contractual requirements and current security controls
- Collaborate with the Director of Information Security to prioritize and escalate identified gaps
- Assist with drafting and negotiating security terms in new contracts
Compliance & Risk Management:
- Support security risk assessments for vendor engagements and client obligations.
- Maintain documentation of security requirements, gaps, and mitigation plans.
- Lead or assist with compliance audits (e.g., SOC 2, HIPAA, GDPR, CCPA, PCI-DSS, ISO 27001) by gathering evidence and managing documentation.
- Maintain and update compliance documentation, including policies, standards, and procedures.
- Coordinate responses to client security questionnaires and due diligence requests.
- Work with Information Governance, Legal, and IT teams to maintain privacy and contractual requirements
Security Awareness & Training:
- Support the development and delivery of security training and phishing simulation programs
- Create internal communications and awareness campaigns to foster a security-conscious culture
- Help ensure training content aligns with client, vendor, and regulatory security requirements
- Assist the Director of Information Security in planning and tracking awareness initiatives
Policy Management & Documentation:
- Draft, review, and maintain information security policies, standards, procedures, and guidelines
- Ensure policies align with contractual obligations, business goals, risk appetite, and the current threat landscape
- Collaborate with legal and HR teams to enforce and communicate policy changes
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent professional experience
- Minimum 3 years of experience in information security, IT compliance, or cybersecurity risk management
- Experience reviewing client or vendor contracts for security and compliance requirements
- Familiarity with security frameworks such as NIST CSF, ISO/IEC 27001, CIS Controls, and COBIT
- Knowledge of regulatory requirements: HIPAA, SOC 2, GDPR, PCI-DSS, SOX, or FedRAMP
- Excellent analytical, investigative, and problem-solving skills
- Exceptional communication skills (written and verbal), with the ability to work cross-functionally and present to leadership
- Ability to explain security concepts clearly in writing for training and awareness purposes
- Strong organizational skills with the ability to manage multiple tasks and deadlines
Preferred Qualifications
- Professional certifications such as CISSP, CISA, CISM, CRISC, Security+, or ISO 27001 Lead Auditor/Implementer
- Familiarity with cloud platforms (AWS, Azure, GCP) and their security tools and shared responsibility models
- Experience with governance, risk, and compliance (GRC) tools (e.g., Archer, OneTrust, LogicGate)
- Experience with SIEM tools, EDR, and vulnerability management platforms (e.g., SumoLogic, CrowdStrike, Tenable)
Why Join Us
At Fisher Phillips, we recognize that exceptional talent is the foundation of our success, enabling
us to deliver outstanding service to both our internal and external clients. Joining our team
means collaborating in a professional yet dynamic environment that leverages cutting-edge
technology. Our leadership is committed to fostering your professional growth and providing
opportunities to challenge yourself in meaningful ways.
We believe in rewarding talent with more than just a competitive salary. Our comprehensive
benefits package includes health, dental, and vision insurance, a 401(k) with profit sharing,
generous paid time off, and holidays.
Your well-being is our priority. We offer 24/7 telehealth services, a variety of wellness
programs, and additional optional benefits designed to support your unique lifestyle. At Fisher
Phillips, you’ll find a workplace that values your health, happiness, and continued professional
development. To learn more about our firm, visit us at www.fisherphillips.com.
Equal Opportunity Employer
Fisher Phillips is committed to providing equal employment opportunities to all employees and
applicants, regardless of race, ethnicity, religion, sex (including related medical conditions),
gender, sexual orientation, national origin, citizenship status, veteran status, marital status,
pregnancy, age, disability, or any other protected status, in compliance with all applicable laws.
The statements in this position description are not necessarily all-inclusive. Additional duties and
responsibilities may be assigned, and requirements may vary from time to time.
Relocation costs are not covered. We are only accepting direct applicants; third-party recruiters or agencies will not be considered. No phone inquiries, please.