CGEIT - Certified in the Governance of Enterprise IT
CISA - Certified Information Systems Auditor
THE FIRM
As a leading international law firm, we are dedicated to excellence through impactful communication, collaboration, and community involvement. Our company culture has earned us a place on the "100 Best Companies to Work For" list for 26 consecutive years. This honor, along with many others, highlights our commitment to innovation and professional development. At Alston & Bird LLP, our foundation is made of trust, reliability, and compassion.
JOB DESCRIPTION
Are you passionate about shaping the future of cybersecurity from a strategic lens? As part of our Information Security Governance team, you’ll help steer the ship—not just keep it afloat. Under the guidance of experienced leaders, you’ll dive into a variety of impactful initiatives that strengthen our firm’s security posture.
Your mission?
Evaluate and manage third-party vendor risks with a sharp eye for detail.
Lead the charge on client security assessments and ensure smooth, transparent communication.
Track and support remediation efforts that keep our risk profile in check.
Continuously monitor vendor performance and compliance.
Expand and evolve our governance program to meet tomorrow’s challenges.
Design and deliver engaging security awareness education that sticks.
This role is all about driving the firm’s Information Security Governance, Risk, and Compliance (GRC) program forward—with purpose, creativity, and a touch of fun. Are you ready to take on the challenge and help us stay ahead of the curve? Apply now and make a difference!
ESSENTIAL DUTIES
1. Third-Party Risk Management:
Conduct comprehensive risk assessments of vendors, focusing on security measures and compliance with information security/cybersecurity frameworks.
Evaluate vendors’ IT and information security systems to identify potential risks and vulnerabilities.
Develop and implement vendor risk management policies and procedures.
Collaborate with procurement and legal teams to ensure vendor contracts include necessary risk mitigation clauses.
Monitor vendors’ performance and compliance with contractual obligations.
Prepare reports, summaries, and metrics on third-party security assessments to stakeholders.
Analyze and interpret third-party security assessment findings and provide recommendations and remediation plans to mitigate identified risks.
Monitor and track third-party risk issues, ensuring timely resolution and appropriate risk mitigation actions.
2. Client Security Assessments:
Coordinate responses to client security inquiries.
Prepare thorough responses based on details of our technical and policy environment.
Collect and/or prepare evidence as necessary.
Communicate progress to team members and clients.
3. Governance Program Support:
Manage and monitor configurations related to Firm policies, client-specific policies, and/or product-specific policies.
Identify and recommend enforcement capabilities.
Coordinate establishment of necessary controls.
Manage exceptions and exclusions.
Support governance initiatives and special projects of other teams as required.
Maintain current knowledge of industry-recognized risks, possible security vulnerabilities, and current security solutions.
Remain aware of industry standards, compliance, regulation requirements, and best practices.
Recommend and/or support certification efforts.
Identify, develop, and document policies and procedures.
4. Security Awareness and Education:
Assist in the development and delivery of security awareness training.
Support the firm’s secured File Transfer Protocol (FTP) system.
Monitor software installations to ensure compliance with firm policy.
SKILLS, EXPERIENCE, AND INTERESTS
Governance and Compliance:
Thorough understanding of governance concepts, approaches, controls, and frameworks (ISO27000, NIST CSF, SOC 1 and SOC 2 Type I and II, etc.).
Familiarity with relevant laws and regulation requirements (HIPAA, state privacy laws, EU privacy, GDPR, etc.).
Experience in compliance, risk assessments, investigations, or other forensic reviews.
Technical Skills:
Strong understanding of IT systems and information security practices, including enterprise IT infrastructure and architecture, operating systems, servers, web applications, endpoint and network security, identity and access management, security protocols, cloud security, cryptography, secure coding, SSDLC, penetration testing, vulnerability management, patch management, SIEM, etc.
Solid understanding of cloud vendors and the varying responsibilities between IaaS, PaaS, SaaS, etc.
Analytical and Communication Skills:
Very strong professional verbal and written communication skills, explaining technical information to clients, vendors, senior management, and staff (both technical and non-technical).
Ability to identify and evaluate vendor risks.
Ability to analyze complex data to make risk-related decisions.
Project Management and Organizational Skills:
Ability to multitask and switch focus among multiple different efforts quickly.
Excellent organizational and self-management skills.
Strong project management skills and experience.
EDUCATION AND EXPERIENCE
Required
Prior risk, compliance or governance experience
Up to 2+ years of experience in governance, risk or compliance
Prior third-party risk management experience
Preferred
Bachelor’s degree in information security governance, risk, compliance, or IT-related majors
Alston & Bird LLP is an Equal Opportunity Employer and does not discriminate on the basis of any status protected under federal, state, or local law. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law in relation to our recruiting, hiring, and promoting practices.
The statements contained in this position description are not necessarily all-inclusive, additional duties and responsibilities may be assigned, and requirements may vary from time to time.
Professional business references and a background screening will be required for all final applicants selected for a position.
If you need assistance or an accommodation due to a disability you may contact garett.bechdolt@alston.com.
Alston & Bird is not currently accepting resumes from agencies for this position. If you are a recruiter, search firm, or employment agency, you will not be compensated in any way for your referral of a candidate even if Alston & Bird hires the candidate.
For well over a century, Alston & Bird has cultivated a work environment that welcomes diversity, creativity, and innovation. We place tremendous value on our people, our clients, and our communities and seek to hire those who do the same. Whether you are interested in starting or continuing your legal career with us or you have a professional background that meets one of our staff needs, we want to hear from you!
We encourage you to explore our Careers site to learn more about Alston & Bird and our inclusive culture, excellent benefits, and core values, and we look forward to receiving your application.