Senior Information Security AI Analyst - Sidley Austin LLP
Chicago, IL
About the Job
Summary
The Senior Information Security AI Analyst is a member of the IT Security team and works closely with other IT teams and business stakeholders in the development and automation of core functions supporting the Information Security program. The incumbent will play a critical role in safeguarding our organization's and vendors’ Generative AI and Large Language Model (LLM) infrastructures and data by developing and implementing robust security measures.
The Senior Information Security AI Analyst works to support the continued maturity of the GRC program through the development of and compliance with IT Security Policies and Procedures, Security Awareness Training, support of GRC Audit deliverables, and responses to client-related security inquiries.
Duties and Responsibilities
- Conduct thorough risk assessments of Generative AI and LLM systems and applications to identify potential vulnerabilities and threats.
- Develop and implement security strategies and controls to protect Generative AI and LLM systems from attacks, data breaches, and unauthorized access.
- Stay up-to-date on the latest Generative AI and LLM security trends, threats, and best practices.
- Collaborate with data scientists, engineers, and other stakeholders to ensure Generative AI and LLM systems are developed and deployed securely.
- Develop and maintain Generative AI and LLM security policies and procedures.
- Provide guidance and training to employees on AI security best practices.
- Oversee vendor relationships for applicable third-party vendors providing service delivery of GRC-related functions, to include but not limited to vendor management, security awareness and professional services.
- Support client interactions through completion/timely response to client security inquiries, questionnaires, participation in onsite and virtual audits and risk remediation.
- Support GRC program through service delivery and oversight of operational activities and related functions to include but not limited to vendor management, security awareness, audit and compliance and exception management.
- Provide input and analysis in the development and deployment of IT security service deliverables to include but not limited to policy and procedures, risk assessment and control evaluation, security awareness and training, exception management and risk remediation.
- Provide input and consultation to IT and business resources in the mapping and alignment of Security Policies against prescribed control frameworks, to include but not limited to ISO 27001 and ISF Standard of Good Practice for Information Security.
- Liaise with IT and Business Risk Owners in the management of risk treatment/acceptance plans for related security risks and work within the information security governance process to define control recommendations that are both efficient and effective.
- Participate and contribute to information security working groups and team meetings.
- Consolidate and manage monthly dashboards and reporting of service deliverables on behalf of GRC team and communicate to management.
- Maintain documentation of client interactions, risk assessments and IT Security Policies and supporting procedures within the document management system.
Qualifications
To perform this job successfully, an individual must be able to perform the Duties and Responsibilities (Duties) above satisfactorily and meet the requirements below. The requirements listed below are representative of the minimum knowledge, skill, and/or ability required. Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions of the job. If you need such an accommodation, please email staffrecruiting@sidley.com (current employees should contact Human Resources).
Education and/or Experience:
Required:
- Bachelor’s degree or equivalent combination of education and/or experience.
- A minimum of 4 years of experience in the field of IT Security, Information Assurance or Security Awareness program development.
- Strong analytical skills
Preferred:
- Understanding of both artificial intelligence and cybersecurity, with a proven ability to identify, assess, and mitigate risks associated with Generative AI and LLM systems
- Understanding of Control Standard Frameworks such as ISO 27001, ISF Standard of Good Practice for Information Security, etc.
- Strong technical writing and system documentation experience (e.g. System Configuration, Design and Requirements Specifications, etc.)
- CISSP certification, CISA certification
- Programming skills
Other Skills and Abilities:
The following will also be required of the successful candidate:
- Strong organizational skills
- Strong attention to detail
- Good judgment
- Strong interpersonal communication skills
- Strong analytical and problem-solving skills
- Able to work harmoniously and effectively with others
- Able to preserve confidentiality and exercise discretion
- Able to work under pressure
- Able to manage multiple projects with competing deadlines and priorities
Sidley Austin LLP is an Equal Opportunity Employer