The Security Policy Engineer serves on engineering project teams, acts as a subject matter expert for Information Security (consulting to technical and non-technical management and the user community), and performs key risk management functions within Information Technology.
Summary of Duties:
Serve as a subject matter expert for Information Security, consulting to technical management (serving on project teams, discussing application and systems architectures, etc.), non-technical management (educating the user community on information security) and attorneys (e.g., litigation-related technical education) as necessary.
Effectively perform risk assessments for IT projects, technologies and third-parties (e.g., vendors and service providers). Coordinate with IT teams in delivering recommendations and following up on action items.
Maintain, manage and monitor compliance with ISO 27001, regulatory / legal requirements and client requirements.
Assist in coordination of the Security Awareness program, including development of awareness content, scheduling of awareness activities and measuring progress of the program.
Respond to IT Security questionnaires from current and prospective clients and business partners.
Collect and triage information on existing and emerging threats, including software vulnerabilities. Work with all areas of IT to ensure system vulnerabilities are addressed and remediated effectively and efficiently.
Assist in development and maintenance of security policies, standards, processes and guidelines for approval by Firm management. Evaluate exception requests and make approval recommendations to management.
Participate in long-term strategy and planning for Information Security.
Relevant Experience, Training, and Certifications:
Three years of professional experience, including 2 years working in the areas of risk management, governance, IT security and / or compliance.
Familiarity with Security frameworks and regulations: ISO 27001, NIST, etc.
A strong candidate will have one or more of the following certifications:
Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA). Associate of (ISC)² (CISSP Associate) will be considered.
Various vendor-specific certifications relevant to one or more of the Current Security Technologies listed at the end of this description.
POSITION SPECIFIC SKILLS
Ability to facilitate project and vendor risk assessments with relative independence and provide guidance to project teams on secure design and operation of technology.
Ability to complete and assist in completing client security questionnaires and security assessments concerning the Firm’s security program and controls.
Ability to communicate an effective security awareness message throughout the organization.
Demonstrated ability to create and maintain security policy, standard, guideline and procedure documents.
Demonstrated ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users.
Knowledge of basic security technology capabilities.
Strong knowledge of anti-malware technologies.
Strong knowledge of security administration and role based security controls.
Strong knowledge of authentication technologies and their interaction with different platforms, both on-site and remote.
Knowledge of both client and server firewalling technologies and their configuration and administration.
Knowledge of security systems log correlation and analysis.
Knowledge of data encryption technologies.
Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
Knowledge of web filtering and email spam prevention techniques.
Knowledge of vulnerability assessment and forensic tools.
Current Security Technologies
Windows Authentication and Active Directory integration
Trend Micro and Microsoft Forefront Anti-Malware
Symantec/PGP Full-disk Encryption
WinMagic (Full-Disk Encryption)
RSA Authentication Manager and RADIUS
LogRhythm Security Information and Event Management (SIEM)
ScanSafe Web Filtering
Cisco ASA Firewall
Rapid7 / Metasploit Pro
SANS Securing the Human
Proofpoint spam filtering
Internal Number: 4853
About Kirkland & Ellis LLP
Kirkland & Ellis LLP is a preeminent, full-service law firm with offices around the world and a staff as diverse as the practice areas we support. Our clients range from Fortune 100 companies to medium and small corporations, financial institutions, and private equity firms. Known for our commitment to excellence, Kirkland strives to provide superior service to our clients as well as our fellow employees. From Information Technology to Human Resources, Paralegal Services to Business Development, Kirkland offers non-attorney professionals challenging careers in a variety of functional areas. Whether starting or growing your career, Kirkland can offer a performance-driven culture filled with bright and innovative teams of co-workers.