Fisher Phillips, a national labor and employment law firm, is seeking an experienced IT Security Analyst for its Atlanta office. Our range of experience enables us to bring efficient and practical solutions to today's labor and employment law problems. For more information about the firm, please visit our website at www.fisherphillips.com.
The IT Security Analyst performs two core functions for the firm. The first is the day-to-day operations of the in-place security solutions including identification, investigation and resolution of security breaches detected by those systems. The second core function involves design and implantation of IT security solutions, including creation and/or maintenance of IT security policies, standards, guidelines and assessments.
The IT Security Analyst is expected to be fully aware of the firm's security goals as established by the its stated policies, procedures, guidelines and to actively work towards upholding those goals. This includes responsibility for conducting and/or participating in both internal and external vulnerability audits and assessments.
Lead, evaluate and continuously improve tools and processes that ensure appropriate integration of security controls across people, processes and technologies.
Plan and design enterprise security techniques.
Create enterprise security documents including policies, standards, baselines, guidelines and procedures.
Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan.
Maintain up to date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
Document, coordinate, monitor and report on the progress of new and outstanding internal and external audit comments, regulatory issues, and other IT control deficiencies.
Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security in accordance with standard best operating procedures generically and the firm's security governance documents specifically.
Maintain up to date baselines for the secure configuration and operations of all in place devices.
Manage and maintain internal and external operational configurations of existing security solutions per the established baselines.
Execute all internal and external security solutions for efficient operations.
Identify security gaps within the security landscape and propose solutions to eliminate these vulnerabilities.
Review logs and reports of all in place devices, interpret the implications of security related activities, and devise plans for appropriate resolution.
Lead investigations and resolutions of security issues.
Participate in the design and execution of vulnerability assessments, penetration tests and security audits.
Provide second level support for end users for all in place security solutions.
3 or more years of experience in the execution of threat and vulnerability management practices and solutions.
5 or more years of experience participating in and supporting internal and external security audits and/or regulatory review.
3 or more years of experience working within and participating in the maturation of IT risk and control programs, technology risk registries and supporting evidence for security audits and regulatory reviews.
Direct experience administering anti-virus software, anti-malware, intrusion detection, host based firewalls, web content filtering, data loss prevention, application white-listing and file integrity monitoring.
Strong end user access controls implementation experience using Active Directory, Group Policy, SCCM and multi-factor authentication tools.
Strong Mobile Data Management understanding and policy administration.
Experience designing and implanting secure networks, systems and application architectures.
Professional experience in a system administration role supporting multiple platforms and applications.
Ability to communicate end user security issues to peers and management.
Demonstrated ability to learn new and complex end user applications and suggest security controls pertinent to operations.
Experience facilitating information security, risk and compliance maturity assessments (e.g. the FFIEC Cybe Assessment Tool (CAT)).
Experience defining and documenting controls using standards such as COBIT 4.1, COSO, CST, ISO 27003:2013 and ISO 31000.
Extensive knowledge of security, risk, compliance, privacy and audit processes, methodologies, policies and tools.
Strong written and verbal communications skills including the ability to translate complex ideas into easily understandable language.
Ability to independently coordinate others to deliver projects, tasks and assignments in an evolving, maturing, and demanding environment.
Experience in forming and driving project scope and deliverable execution.
Proven analytical and problem solving abilities.
Ability to effectively prioritize and execute tasks in a high pressure environment.
Good written, oral and interpersonal communications skills.
Ability to conduct research into IT security issues and products as required.
Ability to present ideas in business friendly and user friendly language.
Highly self motivated and directed.
Keen attention to detail.
Team oriented and skilled in working within a collaborative environment.
Education & Certification Requirements
5 or more years of work experience in IT security.
Four year college degree in the field of computer science or engineering.
Associate of (ISC)2
One or more of the following certifications:
Certified Information Systems Security Professional (CISSP)
GIAC Information Security Fundamentals.
Microsoft Certified Systems Administrator: Security
Associate of (ISC)
Certified Information Systems Auditor (CISA)
Certified Risk & Information Systems Control (CRISC)
Certified in the Governance of Enterprise Information Technology (CGEIT).
No relocation cost. Principals only; no calls please.
We are committed to providing equal employment opportunities to all employees and applicants without regard to race, ethnicity, religion, color, sex (including childbirth, breast feeding and related medical conditions), gender, gender identity or expression, sexual orientation, national origin, ancestry, citizenship status, uniform service member and veteran status, marital status, pregnancy, age, protected medical condition, genetic information, disability or any other protected status in accordance with all applicable federal, state and local laws.
About Fisher & Phillips
Since 1943, the attorneys at Fisher Phillips have been committed to providing value to our clients. We do one thing - represent employers in labor and employment matters.
Our clients know their legal problems will be treated as business problems and that we strive to help them avoid legal problems. We believe the lawsuit that’s never filed is a better win for a client than a costly defense verdict.
Although skilled and tenacious advocates, our attorneys recognize that the most aggressive and expensive approach may not always be the best solution to a client's problem. We seek to identify the client's primary business objective, design a solution to fit the objective, and implement that solution in the most efficient manner possible.
By performing compliance audits, providing the right policies, procedures and training, and offering thoughtful advice and counsel, we assist clients in preventing employee claims and lawsuits, government investigations, and union organizing activity.
We’re in the client service business and know that many labor and employment problems arise without much warning and require an immediate response. We meet deadlines and provide plenty of adv...ance time where client review of documents is needed. And we communicate with our clients in plain English.
Founded in Atlanta,our attorneys practice before state and federal courts and administrative agencies in virtually every state.