Information Security & Risk Analyst

Fisher Phillips, a national employment and labor law firm, is seeking an experienced Information Security and Risk Analyst for its Atlanta office. Our range of experience enables us to bring efficient and practical solutions to today’s labor and employment law problems. For more information about the firm, please visit us at our website at www.fisherphillips.com.

Position Summary

The Information Security and Risk Analyst will work as part of the Firm’s Information Security Team to protect the confidentiality, integrity, and availability of Fisher Phillips’ cloud and on-premise network and internal business networks. This position will be responsible for analyzing security events, enriching event data through contextual and threat analysis, and responding to, re-mediating, and coordinating incident response actions with other stakeholders. The successful candidate must be able to learn about existing processes and systems, evaluate them for weaknesses, and make improvements that will make security operations more effective and efficient.

Responsibilities

  • Interpret, monitor, and assess the information provided by Firm security applications to respond to incidents as appropriate;
  • Perform ongoing internal vulnerability scanning and create remediation requests and status reports;
  • Review current state of information security and performs regular audits of access permissions;
  • Conduct ongoing risk assessments of current and potential third party vendors
  • Ensure authorized access by investigating improper access, revoking access, and reporting violations;
  • Coordinate and participate in disaster recovery and incident scenarios to ensure process and procedures are understood by relevant parties;
  • Identify and investigate relevant security alerts originating from anti-virus, firewall, and file monitoring systems;
  • Respond to email related security alerts including phishing and malware remediation actions;
  • Assist in developing security awareness globally by providing orientation, educational programs, and on-going communication; and
  • Update job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.
  • Assist in providing requested security control evidence and completion of client data security audits.

Qualifications

  • Bachelor’s degree in Information Security;
  • Relevant Cybersecurity certifications preferred (CISSP, CISA, CISM, etc.);
  • Experience with security frameworks (e.g., ISO 27001) required.
  • Knowledge of endpoint protection, intrusion detection, security event monitors, email security, firewalls and other security devices/tools.
  • Knowledge of incident response methodologies.
  • Knowledge of hardware and operating systems.
  • Knowledge of large-scale server virtualization.
  • Knowledge of applications and data management tools.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of adversarial tactics and techniques.
  • Knowledge of cybersecurity, ethics and privacy principles, along with related regulatory requirements.
  • Knowledge of encryption algorithms, cryptography, and key management
  • Ability to collect and analyze data to guide decision making.
  • Ability to interpret the information collected by network tools, such as Traceroute, Ping, packet captures, etc.
  • Ability to analyze and categorize vulnerabilities in information systems.
  • Ability to organize, standardize, and manage detailed information.
  • Ability to work collaboratively and effectively in and between teams.
  • Ability to prioritize, managing multiple competing work efforts.
  • Strong interpersonal, collaboration, and conflict resolution skills. Ability to exercise strong judgment in analyzing, appraising, evaluating, and solving problems of a difficult procedural, organizational, administrative, or technical nature.
  • Strong self-motivation.

No relocation costs. Principals only; no calls please.

We are committed to providing equal employment opportunities to all employees and applicants without regard to race, ethnicity, religion, color, sex (including childbirth, breast feeding and related medical conditions), gender, gender identity or expression, sexual orientation, national origin, ancestry, citizenship status, uniform service member and veteran status, marital status, pregnancy, age, protected medical condition, genetic information, disability or any other protected status in accordance with all applicable federal, state and local laws.