Senior Security GRC Analyst

To support the efforts of the organization by supporting Firm security projects, reporting, and audit preparation. The position is also responsible for the execution of internal and third-party information security audits to assess the firm’s risk posture relative to the established ISMS and risk management framework.

Main responsibilities:

• Execute recurring information security controls audits on both internal and external entities using an established ISMS and risk management framework
• Provide effective responses to client Requests for Proposals and Requests for Information in support of the business development function
• Respond to client information security audits in a timely, accurate, and effective manner
• Monitor control systems to ensure that appropriate information access levels and security clearances are maintained
• Monitor and report on compliance with the Firm’s information security policies and procedures
• Maintain records of audit findings and ensure that corrective actions are implemented per the agreed remediation schedule
• Provide status reports to the IT GRC Manager
• Maintain the Firm's security-related information and metrics repositories

Skills and experience:

• A thorough understanding of security concepts and best practices.
• Authoritative understanding of principles, theories, techniques, and methods of information system analysis and risk assessment.
• Authoritative understanding of audit principles applied to common information security domains such as security policy, organizational structure, asset management, human resources, physical security, operations, communications, access control, development, and acquisition, incident management, business continuity, and compliance.
• Working knowledge of common information systems such as Active Directory, networking, endpoint management, and cloud security concepts.
• Proficient in the use of Microsoft Excel and Word.
• Sufficient business acumen to understand the business drivers associated with risk management concepts, particularly those affecting client audits, RFPs, and contractual terms.
• Strong communication skills - demonstrated ability to communicate professionally in business language, in both oral and written formats (English).
• Gather and analyze facts, draw conclusions, define problems, and suggest solutions.
• Work independently and within a team.
• Remain productive and maintain focus without direct supervision.
• Effectively manage multiple tasks concurrently.
• Internalize and act upon constructive feedback.
• Adopt new skills and improve existing skills in a dynamic environment.
• Possess a Computer Science Bachelor’s Degree or substantial equivalent experience
• A good amount of professional experience with a company-facing information security audit, client-facing audit response, third-party vendor risk management platforms, security metrics tracking and reporting, managing phishing campaigns, and remediation tracking.
• Working knowledge of foundational information security systems and processes
• CISA, CRISC, CISM or equivalent professional certification preferred

About us

At Baker McKenzie we are different in the way we think, work and behave. With our team of 13,000 people, including over 6,500 locally admitted lawyers, in over 70 offices worldwide, we have a passionately collaborative community of 60 nationalities and are committed to world-class career development to everyone in every job at every level. Baker McKenzie can offer you both the uncompromising commitment to excellence expected of a top firm paired with a passionately global and genuinely collaborative working environment.

Additional Information

Baker McKenzie is an Equal Opportunity Employer. We are committed to promoting diversity and inclusion for all. Our unique international culture is reflected in the drawing together of a worldwide family of individuals from diverse cultures and backgrounds in all of our offices. We encourage the best people - regardless of race, religion or belief if any, gender, gender identity, disability, sexual orientation or age - to fulfill their professional aspirations with us. We are committed to ensuring an inclusive and accessible experience for all candidates.