Security and Risk Analyst

Taft is seeking a Security and Risk Analyst to support our Information Technology team in our Chicago, Cincinnati, Cleveland, Columbus, Dayton, Detroit, Indianapolis or Minneapolis office.

Job Summary :

The Security and Risk Analyst is responsible for ensuring Taft's digital assets and those of our clients are protected from unauthorized access through a multi-discipline approach, actively identifying and mitigating suspicious activity while evaluating and updating policy and conducting and analyzing security assessments at the direction of the Security and Risk Manager.

Duties / Responsibilities :

• Responds to security alerts, indications of compromise and helpdesk security incident tickets in real time, gathering information and taking action to protect the firm and communicating findings.
• Assists the Security and Risk Manager in performing and analyzing the results of internal and external security audits, security assessments, vulnerability testing and risk analysis.
• Assists the Security and Risk Manager in developing and deploying end user training programs and working with users on compliance.
• Assist IT and teams in verifying the security of third-party vendors, collaborating with them to meet security requirements.
• Monitoring security access, vendor access, remote access, and anomalies.
• Supports periodic reviews by internal audit, compliance teams and other risk-related functions as required.
• Adhere to all IT Department standards and Firm Information Security Policies, including but not limited to change control and maintenance windows.
• Adhere to IT ITIL (Information Technology Infrastructure Library) disciplines and processes, including, but not limited to : ITSM (IT Service Management);

Incident Management; Change Management and Problem Management.

• Obtains, maintains, and applies knowledge of relevant areas (attends seminars; reads periodicals; participates in outside organizations).
• Works with the firm's MSSP to ensure network is secure.
• Monitors network for security related issues including, but not limited to, abnormal access attempts, suspected malware, and possible breaches and ANY potential weaknesses.
• Works with helpdesk to identify and resolve possible security events and incidents, providing timely and relevant in-house escalation support, adhering to ticketing procedures and SLA requirements.
• Researches new software applications intended to make the Firms' system more secure.
• Drafts documentation as requested for security related policies and procedures
• Assists training team with preparing relevant security training plans and materials and assessing their adoption rate and effectiveness.

Knowledge, Abilities, Skills, Other Requirements

• Proficiency and understanding of current cyber security technologies encompassing perimeter / edge next generation security, endpoint security, heuristic security, and security related monitoring.
• Ability to be available after hours and remotely to respond to threat alerts and possible attacks.
• Ability to write reports, knowledge base articles and short procedures
• Clear thinking in a crisis or stressful situation.
• Travel is not required on a regular basis, although some out-of-the-area and overnight travel may be expected.
• Background in Cybersecurity principles and best practices.
• Proficiency in Windows operating systems as it pertains to security threats.
• Proficiency in Firewalls, application monitoring, securing the network perimeter.
• Demonstrates teamwork (is receptive to and acts upon input from others, is willing and able to compromise as needed, displays willingness to work with all Firm employees, willingly assists others).
• Demonstrates initiative (contributes new ideas, is self-motivated).
• Demonstrates organizational skills and effective use of time (ability to plan, set priorities and manage time to ensure work is timely and efficiently completed per department plan and budget parameters).
• Demonstrates flexibility (willing to adjust to changes, able to work with all levels of Firm employees).
• Exhibits dependability (maintains presence in all office locations as appropriate).
• Adheres to strict confidentiality standards (keeps confidential all information concerning firm matters and clients).

Education and Experience :

• Bachelor's degree or equivalent work experience.
• Three plus years Cybersecurity-related work experience.
• Security or Microsoft certifications desired.
• Familiarity with helpdesk ticketing systems such as Service Desk Plus or ServiceNow.
• Law firm experience preferred.

Candidates interested in the Chicago office should apply here .

Candidates interested in the Cincinnati office should apply here .

Candidates interested in the Cleveland office should apply here .

Candidates interested in the Columbus office should apply here .

Candidates interested in the Dayton office should apply here .

Candidates interested in the Detroit office should apply here .

Candidates interested in the Indianapolis office should apply here .

Candidates interested in the Minneapolis office should apply here .

Taft is a State of Minnesota and City of St. Paul Affirmative Action Employer as required in those jurisdictions. Taft is an Equal Opportunity Employer.

The information in this posting presents general duties, tasks, and responsibilities but is not intended to be an exhaustive listing.

Taft Stettinius & Hollister LLP participates in E-VERIFY .