Winston & Strawn
Chicago - Security and Compliance Analyst
Winston & Strawn, Chicago, Illinois, United States, 60290
About Us
For professional staff, Winston & Strawn presents an exciting opportunity to be a part of a leading global law firm. With our commitment to excellence, diversity, a collaborative work environment, and an emphasis on professional growth, Winston offers a platform for individuals seeking to advance their careers in a dynamic and rewarding environment. Winston is known for its collaborative and collegial culture. We believe teamwork is an essential component in providing high-quality legal services and we value the talents and skills of our entire professional staff team.
Position Summary
The Security and Compliance Analyst is responsible for helping mature and maintain the firm's information security program in alignment with regulatory and compliance requirements. This is a collaborative position that involves partnering with internal stakeholders to drive continuous improvement and with external clients to effectively communicate how the firm is safeguarding the information that is entrusted to us. The ideal candidate is naturally curious and brings a mix of experience across the areas of technology, security, and compliance.
Duties And Responsibilities
Contributes to the development and maintenance of information security policies, procedures, and baseline standards.
Collaborates with functional technology teams to drive adoption.
Performs project and solution-based risk assessments for newly adopted technologies to identify potential privacy and security risks.
Performs third-party vendor security risk assessments for new and existing vendors to evaluate alignment with the firm's compliance and security expectations.
Supports the maintenance and administration of the GRC platform, assisting with control updates, evidence collection, and documentation to meet audit, assessment, and business requirements.
Assists in measuring and tracking security and compliance metrics and key performance indicators (KPIs).
Assists with responding to client security inquiries, questionnaires, and assessment requests.
Tracks and coordinates remediation of identified issues through resolution.
Performs and coordinates ongoing security reviews and assessments to measure and validate the effectiveness of internal controls (e.g., network penetration testing, red team assessments, process maturity reviews, technology gap assessments).
Supports various ongoing security initiatives (e.g., program enhancements, process improvements, security tool implementations).
Supports information security awareness training efforts and campaigns (e.g., developing annual training materials, conducting phishing exercises).
Supports ISO 27001 compliance activities (e.g., ISMS management reviews, internal audits, risk assessments).
Coordinates and liaises with external auditors to facilitate annual certification and surveillance audits.
Identifies potential security threats and vulnerabilities through threat feeds, vulnerability scans, and other mechanisms.
Assists with and coordinates the timely resolution of vulnerabilities with relevant technology stakeholders.
Basic Qualifications
Bachelor's degree required.
2+ years of experience in two or more domains of information security, risk, and compliance (GRC), or IT audit required.
This role is fully remote, but the candidate must reside within a commutable distance of the applicable firm office.
Additional Qualifications
Knowledge of and experience working with leading information security standards (e.g., NIST 800, ISO 27001) and relevant privacy regulations (e.g., GDPR, CCPA, HIPAA) preferred.
Experience with leading GRC platforms (e.g., Vanta, Drata, OneTrust) preferred.
Experience in a professional services, consulting, or client-facing role preferred.
Relevant security certifications (e.g., CISSP, CISA) preferred.
COMPETENCIES
Understanding of fundamental information technology concepts (e.g., networking, system admin, cloud platforms, endpoint management).
Strong understanding of security fundamentals and control processes (e.g., identity management, access controls, encryption, segmentation, threat and vulnerability management).
Excellent analytical and organizational skills; detail oriented.
Excellent communication skills, both written and verbal.
Comfortable leading meetings and presentations with stakeholders at all levels.
Ability to work independently and collaborate in cross-functional teams.
Approaches challenges with tenacity; solves problems with creativity.
Benefits
Winston offers comprehensive benefits that provide a full spectrum of coverage and support for our full-time employees and their families. Additional information about benefits and rewards can be found here.
SALARY
Illinois-based applicants only:
The target annual salary range for this role is currently $86,000-$100,000 based on a regular, full-time schedule. The amount of compensation offered will be determined by several factors, including but not limited to experience, qualifications, market data, and internal equity. Total compensation may include an annual discretionary merit bonus, yearly retirement plan contribution, and a comprehensive benefits package.
We are an equal opportunity employer and welcome applicants from all backgrounds and experiences.
Seniority level: Entry level
Employment type: Full-time
Job function: Legal
Industries: Law Practice