GRC Information Security Systems Analyst; Minneapolis, MN

Join Dorsey's Information Security team as a GRC Information Security Systems Analyst to help safeguard our firm and clients by driving high-impact security initiatives across audits, risk, governance, and compliance.

• Support Information Security Systems Manager with the maintenance of Information Security documentation, supporting changes in the organization, technology, or threat landscape.
• Provide Information Security Program reporting related to metrics and dashboards for various Dorsey committees as requested by Information Security Systems Manager.
• Create and oversee the distribution of Bimonthly Information Security communications released Firm wide.
• Collaborate with Firm and Information Services process owners and stakeholders, internal and external assessors and auditors to execute and review risk assessments, internal and external surveillance audits resulting in the recertification (e.g., ISO 27001, GDPR). Document audit findings, remediation action plans and audit report responses.
• Consult with Information Services teams, Dorsey Business Teams and advise on Compliance requirements, and Information Security Standards and Controls.
• Collaborate with Information Services team stakeholders to implement processes that automate and continuously monitor Compliance-related, Information Security Standard controls, and approved exceptions.
• Assist GRC and Information Security management with ISMS continuous operation, monitoring, and improvement of the Information Security Management System (ISMS) by organizing and executing annual internal audits and management reviews.
• Maintain Compliance-related documentation, including policies, procedures, Statement of Applicability, and current reflections of changes in the organization, technology, or threat landscape.
• Complete Client-generated pre- and post-contract security controls and risk review assessment, audits, in support of Dorsey client requests.
• Review and provide security input into Client RFP Responses. Support Marketing and Business Development teams with RFP response requests as they pertain to Information Security information.
• Perform Dorsey-requested pre-contract security controls and risk review of technology, software, and services.
• Maintain Dorsey SIG Questionnaire and ndMax AI chatbot, collaborating with key Information Services stakeholders for its currency.
• Assist the Information Security Systems Manager with project-based risk assessments, interviewing, collecting data, and documenting risk. May be asked to present risk assessment results to Head of Cybersecurity and CIO for discussion and drive decision-making. Document risk decision in risk register if necessary.
• Maintain Firm Technology Risk Register, provide reporting and coordinate meetings with Information Services Leadership to discuss open risk items and remediation actions.
• Support the Information Security Systems Manager in the creation of an annual Firm-wide Annual Security Awareness Training Program, Human Risk Initiative, with Phish Simulation Testing.
• Support the delivery of a focused 8-week training program for currently hired business professionals, New Hired business professionals training.
• Support the delivery of multi-month, Firm-wide Phish Simulation Testing.
• Prepare Human Risk reporting and update Human Risk Calculations and additional training assigned by the Information Security Systems Manager.
• Execute the project-based enhancement of RBAC, Rights, Permissions, Groups, and Entitlement Definition and Clean-Up for Privileged Accounts (PIM), Service Accounts, and User Accounts, supporting the ongoing Identity & Authorization Services Compliance Oversight process.
• Execute post-project oversight process to validate the defined, repeatable process being followed to ensure all user, privileged users, and service accounts maintain security to reduce risk of unauthorized access.
• Execute oversight process to ensure assurance is validated, repeatable processes are being followed to ensure all human and nonhuman accounts maintain security that reduce risk of unauthorized access and shrink attack surfaces.
• Perform the quarterly Net Documents access review as assigned.
• Support the DLP Program Execution and Oversight to ensure the DLP controls meet Client, ISO, Information Governance, and Regulatory requirements.
• May perform other duties not listed above.

• Bachelor's Degree or equivalent in Business, Computer Science or equivalent experience.
• At least 3-5 years (preferred 5-7 years) of demonstrated experience across three of the following:
  • Implementing or maintaining an Information Security Management System (ISMS) aligned to one or more of the following compliance frameworks:
    • ISO 27001:2013
    • ISO 27001:2022
    • SOC2
    • GDPR
    • NIST Cybersecurity Framework (CSF)
    • NIST 800-53
  • Implementing or maintaining information security policies, standards, controls, guidelines, and procedures in one or more of the following compliance frameworks:
    • ISO 27001:2013
    • ISO 27001:2022
    • SOC2
    • GDPR
    • NIST…