Cyber Risk Manager

King & Spalding is seeking a Cyber Risk Manager. This position will play a key role with all Governance, Risk, and Compliance (GRC) related activities. This individual will manage and conduct security assessments, penetration tests, and other continual improvement activities intended to identify and manage cybersecurity and information risk across the enterprise. This individual will also conduct security assessments on prospective and existing third parties, and assist with the remediation of technical vulnerabilities within the Vulnerability Management program. Additionally, this individual will play a lead role firm’s Security Awareness program by assisting with the design and implementation of the firm’s annual and new hire security awareness training. The Cyber Risk Manager will report to the Cyber Risk Manager and will work closely with Subject Matter Experts throughout the firm.  They will support the client security inquiry process at the firm, which includes responding to client questionnaires and reviewing IT security terms within client contracts. This role will be responsible for managing and maintaining the firm’s ISO 27001 certification, as well as the full library of information security policy and standards.  

 SKILLS: 

• Problem Solving – Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in group problem solving situations; Uses reason even when dealing with emotional topics. 
• Technical Skills – Assesses own strengths and weaknesses; Pursues training and development opportunities; Strives to continuously build knowledge and skills; Shares expertise with others. 
• Customer Service – Responds promptly to customer needs; Responds to e-mail and voice mails as soon as possible and no later than the following business day; Solicits customer feedback to improve service; Responds to requests for service and assistance; Meets commitments. 
• Interpersonal – Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others’ ideas and tries new things. 
• Oral Communication – Speaks clearly and persuasively in positive or negative situations; Listens and gets clarification; Responds well to questions; Demonstrates group presentation skills; Participates in meetings. Able to translate and communicate technical security concepts in terms of business risk 
• Teamwork – Balances team and individual responsibilities; Exhibits objectivity and openness to others’ views; Gives and welcomes feedback; Contributes to building a positive team spirit; Puts success of team above own interests; Able to contribute to morale and group commitments to goals and objectives; Supports everyone’s efforts to succeed; Recognizes accomplishments of other team members. 
• Written Communication – Writes clearly and informatively; Edits work for spelling and grammar; Varies writing style to meet needs; Presents numerical data effectively; Able to read and interpret written information. 
• Other Skills: Expertise in IT Governance, Risk, and Compliance. Expertise in applying reasonable security controls to manage risk while enable business processes. 

    EXPERIENCE: 

• BA/BS in Computer Science, Business, or related field is required 
• Advanced certification such as CISSP, CISM, CISA, or CCSP preferred 
• At least 5-7 years of experience in the areas of information security, risk management, compliance, IT audit or similar functions 
• Experience managing client security inquiries including questionnaires, onsite audits, and contractual terms review 
• Experience with ISO 27001/27002 
• Experience with industry leading GRC platforms a plus 
• Experience with managing internal controls, risk assessments, business process and internal IT control testing or operational auditing 
• Experience with client services or professional services firm a plus 

JOB CONDITIONS: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually quiet. This position is eligible for Remote Work.  The firm offers a generous total compensation package with bonuses and raises awarded in recognition of individual merit-based performance. Eligible employees may participate in King & Spalding’s comprehensive benefit program including health and wellness plan, life and disability insurance, flexible spending accounts and a health savings account, a 401(k) plan, profit sharing plan, discount programs, and a substantial Paid Time Off (PTO) program. We are proud of our remarkably cohesive culture, which now encompasses more than 2,300 lawyers and business professionals in 24 locations worldwide. We seek to attract and develop the very best talent to work with us.