Wachtell, Lipton, Rosen & Katz

Information Security GRC Analyst

US-NY-New York
3 months ago
Job ID
IT Security
Monday - Friday 9:30 a.m. - 5:30 p.m.
Full Time


The Information Security GRC Analyst will be responsible for ensuring the integrity, confidentiality and availability of the Firm’s information via risk assessments, audits, controls testing, policy and procedure, as well as compliance initiatives. The Information Security GRC Analyst will also assist in monitoring Firm security systems and in coordinating efforts to remediate alerts and respond to incidents. The successful candidate will support various GRC initiatives and Security Operations activities, as well as work on a diverse set of security-related projects and responsibilities.

Essential Duties and Responsibilities

  • Perform information security risk assessments and assess the control environment of the business processes and applications under review, including both manual and automated processes in accordance with the information security program.
  • Create, analyze and develop risk assessment/audit reports, as well as remediation plans resulting from the identification of risks and vulnerabilities discovered during audits/risk assessments.
  • Conduct risk assessments of third parties as part of the Vendor Risk Management program.
  • Facilitate client risk assessments of WLRK’s security program.
  • Monitor and audit the Firm’s File Monitoring tool and other access control tools to ensure compliance with firm policies and industry best practices.
  • Assist with the Incident Response Program and documentation of incident reports.
  • Assist with client due-diligence program.
  • Assist the Security Operations team with support of security solutions such as the SIEM, NAC, A/V, IPS, etc.
  • Maintain updated list of relevant information security laws and regulations and ensure firm compliance.
  • Provide ongoing Information Security Training to Firm employees.
  • Facilitate Information Security meetings and maintain meeting notes.
  • Work across teams to accomplish security program goals.

Knowledge, Skills, and Abilities Required

  • Strong knowledge of information security domains, concepts and principles.
  • Strong knowledge of local and global information security, privacy and compliance regulations.
  • Practical experience with frameworks such as ISO 27000, NIST, COSO and COBIT.
  • Excellent documentation skills.
  • Practical experience in scoping and conducting risk assessment and audits and documenting results.
  • Knowledge of network services, vulnerabilities, exploits and attacks.
  • Knowledge of server and desktop operating systems, routers, switches, firewalls and other network equipment.
  • Experience with any of the following considered a plus:
    • Vulnerability Scanning tools   
    • Network Scanning/Management tools, Event Log management systems
    • Anti-virus, Anti-spam and other protective tools
    • Encryption products and Open source security related tools
    • Forensic Tools
  • Detail oriented and able to meet tight deadlines.
  • Excellent written, verbal and interpersonal skills.
  • Highly motivated self-starter with an inquisitive personality.
  • Desire and ability to learn new skills and concepts.

Education and Experience

  • Bachelor’s degree in related field or discipline.

  • 3-5 years of experience in an information security and/or audit and compliance role.

  • CISSP, CISA, GIAC and other Industry Certifications considered a plus.

Working Conditions

Normal office environment with little exposure to excessive noise, dust, temperature and the like.


The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of essential functions, responsibilities or requirements.

