Information Security Lead - Cyber Security and Operations in Chicago, Illinois at Sidley Austin LLP
Job Description
The Information Security Lead for the Cyber Security & Operations function is responsible for providing continuous threat monitoring and incident response services. This individual is responsible for monitoring, developing, and maintaining the tools, technologies, and processes that enable the organization to detect and prevent computer security threats. The Senior Information Security Lead acts as a subject matter expert and works with cross-functional teams as required to perform incident investigations and response activities. This individual participates in the Information Security Operations Center which provides timely investigation and response to potential IT incidents through the continuous monitoring and tracking of security events.
Duties and Responsibilities:
- Provide primary support for the network security solutions, including next generation firewalls, web proxies, Cloud Access Security Broker (CASB) technologies and other network security technologies
- Participate in and lead troubleshooting and resolution efforts for a wide range of security and network related issues
- Review and triage information security alerts, provide analysis, determine and track remediation, and escalate as appropriate
- Proactively identify and assess security risks and work in an advisory capacity for technical teams on mitigation strategies
- Participate as a member of the Information Security Operations Team (SecOps) by responding to information security incidents according to the Incident Response Plan
- Help build skillset of less experienced security personnel through knowledge transfer and mentoring
- Perform review of scheduled information security reports to identify abnormal or potentially suspicious activity within the environment
- Maintain the operational integrity of the Security Operations Center (SOC) through monitoring and periodic testing of critical tools and processes
- Develop working relationships with cross-functional teams from Information Technology, Physical Security, Human Resources, Marketing, Privacy, Legal, and third-party vendors to effectively respond to security incidents
- Document information security incident reports to capture relevant details including approach, root cause, lessons learned, and process improvements
- Contribute to the advancement of the security monitoring program through thought leadership and guidance on tools, technologies, and processes that provide automated and proactive detection and prevention
- Develop and improve process/procedure manuals and documentation related to incident response, threat intelligence, threat detection, and analysis of vulnerabilities
- Propose and generate metrics with emphasis on Security Operation Center (SOC) Key Performance Indicators (KPI)
- Provide secondary support for the log management and Security Information and Event Monitoring (SIEM) solutions, Multifactor Authentication platform (MFA), Privilege Access Management platform (PAM), and vulnerability management tools
Education and/or Experience:
Required:
- Bachelor's degree or equivalent combination of education and/or experience
- Minimum of 7 years of experience in an Information Security role with at least two years in an incident response, threat analysis, or a security operation center role.
- Relevant knowledge and experience in two or more of the following areas: incident response, threat analysis, malware response, security operations, Network Security/next generation firewall, proxy configuration and management
- Demonstrated experience in threat detection technologies including two or more of the following: network or host intrusion prevention/detection systems (IPS/IDS), Endpoint Protection, Security Incident Event Management (SIEM), data loss prevention (DLP), Cloud Access Security Broker (CASB), Next-Gen Firewall (NGFW), or Multifactor-Authentication platforms (MFA)
- Demonstrated ability to analyze security events, perform initial triage, and determine appropriate next steps
- Demonstrated experience in security projects development, security vendor or services management, and request for proposal processes and procedures
Preferred:
- Bachelor's degree
- Certified Information Systems Security Professional (CISSP) or equivalent is preferred
- One or more of the following technical certifications is preferred: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensics Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), or EC-Council Certified Security Analyst
Other Skills and Abilities:
The following will also be required of the successful candidate:
- Strong organizational skills
- Strong attention to detail
- Good judgment
- Strong interpersonal communication skills
- Strong analytical and problem-solving skills
- Able to work harmoniously and effectively with others
- Able to preserve confidentiality and exercise discretion
- Able to work under pressure
- Able to manage multiple projects with competing deadlines and priorities
The target salary range for this role is:
$140,000 - $180,000 if located in Illinois

Salaries vary by location and are based on numerous factors, including, but not limited to, the relevant market, skills, experience, and education of the selected candidate. Our compensation package also includes bonus eligibility and a comprehensive benefits program. Benefits information can be found at Sidley.com/Benefits.
To perform this job successfully, an individual must be able to perform the Duties and Responsibilities above satisfactorily and meet the requirements. The requirements listed above are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job. If you need such an accommodation, please email sidleytalentacquisition@sidley.com (current employees should contact Human Resources).
Sidley Austin LLP is an Equal Opportunity Employer.
About Sidley Austin LLP
Overview
Sidley Austin LLP is a prominent American multinational law firm founded in 1866 and headquartered in Chicago. With approximately 2,300 lawyers across 21 offices in North America, Europe, Asia, and Australia, it ranks as...