Cyber Risk Manager
Washington, District of Columbia, United States; Chicago, Illinois, United States
King & Spalding
King & Spalding is an international law firm providing clients a consistent, uncompromising approach to quality from its 24 offices worldwide. King & Spalding is seeking a Cyber Risk Manager. This position will play a key role in all Governance, Risk, and Compliance (GRC) related activities. This individual will manage and conduct security assessments, penetration tests, and other continual improvement activities intended to identify and manage cybersecurity and information risk across the enterprise. This individual will also conduct security assessments on prospective and existing third parties, and assist with the remediation of technical vulnerabilities within the Vulnerability Management program. Additionally, this individual will play a lead role in the firm’s Security Awareness program by assisting with the design and implementation of the firm’s annual and new hire security awareness training. The Cyber Risk Manager will report to the Cyber Risk Manager and will work closely with Subject Matter Experts throughout the firm. They will support the client security inquiry process at the firm, which includes responding to client questionnaires and reviewing IT security terms within client contracts. This role will be responsible for managing and maintaining the firm’s ISO 27001 certification, as well as the full library of information security policies and standards.
SKILLS:
- Problem Solving - Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in group problem solving situations; Uses reason even when dealing with emotional topics.
- Technical Skills - Assesses own strengths and weaknesses; Pursues training and development opportunities; Strives to continuously build knowledge and skills; Shares expertise with others.
- Customer Service - Responds promptly to customer needs; Responds to e-mail and voice mails as soon as possible and no later than the following business day; Solicits customer feedback to improve service; Responds to requests for service and assistance; Meets commitments.
- Interpersonal - Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things.
- Oral Communication - Speaks clearly and persuasively in positive or negative situations; Listens and gets clarification; Responds well to questions; Demonstrates group presentation skills; Participates in meetings; Able to translate and communicate technical security concepts in terms of business risk.
- Teamwork - Balances team and individual responsibilities; Exhibits objectivity and openness to others' views; Gives and welcomes feedback; Contributes to building a positive team spirit; Puts success of team above own interests; Able to contribute to morale and group commitments to goals and objectives; Supports everyone's efforts to succeed; Recognizes accomplishments of other team members.
- Written Communication - Writes clearly and informatively; Edits work for spelling and grammar; Varies writing style to meet needs; Presents numerical data effectively; Able to read and interpret written information.
- Other Skills - Expertise in IT Governance, Risk, and Compliance; Expertise in applying reasonable security controls to manage risk while enabling business processes.
- BA/BS in Computer Science, Business, or related field is required
- Advanced certification such as CISSP, CISM, CISA, or CCSP preferred
- At least 5-7 years of experience in the areas of information security, risk management, compliance, IT audit or similar functions
- Experience managing client security inquiries including questionnaires, onsite audits, and contractual terms review
- Experience with ISO 27001/27002
- Experience with industry leading GRC platforms a plus
- Experience with managing internal controls, risk assessments, business process and internal IT control testing or operational auditing
- Experience with client services or professional services firm a plus
Tags: Audits CCSP CISA CISM CISSP Compliance Computer Science Governance ISO 27001 Risk assessment Risk management Security assessment Vulnerabilities Vulnerability management
Perks/benefits: Career development Equity / stock options Flexible spending account Flex vacation Health care Insurance Salary bonus Team events Wellness