
Job Details

Security GRC Manager

Company name
Kirkland & Ellis LLP.

Chicago, IL, United States

Employment Type


Posted on
Nov 19, 2020

Valid Through
Mar 04, 2021



The Security GRC Manager is responsible for leading the Governance, Risk, and Compliance (GRC) team and the programs within the group. The position serves as a personnel and program manager and subject matter expert, and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC tool management.


Program management: Lead the GRC program roadmap, status reporting on initiatives, metrics, and delivery of the program services.

Policy management: Lead in the creation and maintenance of security policies, standards, processes and guidelines. Evaluate exception requests and make approval recommendations to management.

Security training and awareness: Lead and mature the security awareness and phishing program. This includes developing the roadmap and planning, coordinating, measuring, and evaluating cyber training / education courses, methods, and techniques based on instructional needs.

Program assessments: Manage and support the 3rd Party Security Vendor Risk Management program, management of SOC2 reporting and ISO27001 certification, and assessments or security requests from clients.

Risk management: Manage control testing, issues management (findings, remediation plans, and exception requests), risk register and reporting.

Governance: Analyze and stay current with regulations that impact the information security / privacy program.

Qualifications & Requirements

Education, Work Experience, Skills

Bachelor's degree is preferred

Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.

Seven (7) years of direct experience (Information Security/Governance) is required.

Four (4) years of Information Security experience required. Candidates with hands-on technical experience are preferred.

Four (4) years of management experience required.

Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC2, SIG is required.

Strong knowledge of risk management principles and practices is required.

Technical writing experience is required.

Business Intelligence/Analytics (Qlik, Tableau) is preferred.

Prior IT Security experience in the legal industry is preferred.

Experience with instructional content, educational writing, and technical writing strongly preferred.

Three (3) years of experience managing timelines and being self-directed preferred.

Governance, Risk, and Compliance (GRC) tool management is preferred.

Client focus, including tact and diplomacy is required.

Interview, gather, and understand content from subject-matter experts

Ability to perform as primary Security Subject Matter Expert (SME) in a senior or lead capacity.

Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.

Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm’s security program and controls.

Ability to communicate an effective security awareness message throughout the organization.

Demonstrate ability to create and maintain security policy, standard, guideline and procedure documents.

Demonstrate ability to effectively communicate deeply technical topics at an appropriate level of detail to varied audiences, including IT Subject Matter Experts, senior management and non-technical users.

Additional skills mapped to Knowledge, Skills, and Abilities (KSAs) based on NIST SP 800-181.


Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.

Strong knowledge of security administration and role-based security controls.

Strong knowledge and use of GRC platforms.

Strong knowledge of Access/Identity Management technologies.

Strong knowledge of BI/Analytics tools.

Knowledge of host and network-based anti-malware technologies.

Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.

Knowledge of client and server firewalling technologies and capabilities.

Knowledge of security event management (SIEM), event correlation and analysis technologies.

Knowledge of data encryption technologies.

Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.

Knowledge of web filtering and email SPAM prevention techniques.

Knowledge of vulnerability assessment and forensic investigations tools.

Knowledge of mobile device security and Mobile Device Management solutions.

Certificates, Licensures, Registrations

Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.

Copyright © 2020 EmploymentCrossing - All rights reserved.