Cybersecurity GRC Specialist II

About Kirkland & Ellis


At Kirkland & Ellis, we don't just meet the standard for legal excellence - we set it. Our culture is built on teamwork, ingenuity and an unwavering commitment to continuous growth. We tackle the most sophisticated legal challenges with bold ideas and innovative solutions, powered by the exceptional experience and ambition of our 7,000+ people, including 4,000+ attorneys, across 24 offices worldwide. Our dedicated professionals share our lawyers' commitment to excellence and show up each day to do meaningful work that helps drive global business, investment and innovation forward.


What You'll Do


Are you driven to strengthen security programs, reduce risk, and help organizations meet evolving cybersecurity expectations?


As a Security GRC Specialist II , you'll be a key member of the Governance, Risk, and Compliance (GRC) team, leading and executing core GRC programs while serving as a trusted Information Security subject matter expert. This role blends strategic oversight with hands-on execution-partnering with technical teams, business stakeholders, clients, and vendors to ensure security controls, policies, and risk practices are effective, compliant, and clearly communicated.


What You'll Do

• Client & Third-Party Assessments: Lead responses to client security assessments, questionnaires, and audits, documenting evidence and performing risk assessments as needed.

• Policy & Standards Management: Create, maintain, and evolve security policies, standards, guidelines, and supporting documentation through strong technical writing.

• Risk & Compliance Assurance: Manage and support processes that ensure Information Technology (IT) systems meet cybersecurity, risk, and compliance requirements.

• Security Consulting & SME Support: Serve as an Information Security subject matter expert, advising technical and non-technical stakeholders across the organization.

• Vendor Risk Management: Manage the third-party Security Vendor Risk Management program, including assessments, remediation tracking, and lifecycle oversight.

• Exception & Risk Treatment: Oversee the security exception request process and provide guidance on appropriate risk treatment decisions.

• Security Awareness Program: Manage the full lifecycle of the Security Awareness program, including roadmap development, training evaluation, and effectiveness measurement.

• GRC Platform Administration: Support and optimize Governance, Risk, and Compliance (GRC) technology platforms and associated workflows.

• Controls & Compliance Evaluations: Conduct evaluations of IT programs and components to confirm alignment with published security standards and frameworks.

What You'll Bring

• Education: Bachelor's degree or equivalent with five (5) years of work experience in IT Security is required.
• Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Advanced in AI Audit (AAIA), Advanced in AI Risk (AAIR), Advanced in AI Security Management (AAISM) or other relevant training and certifications are preferred.
• Information Security Experience: Four (4) or more years of Information Security experience, with handson technical experience strongly preferred.
• Framework & GRC Knowledge: Strong working knowledge of security frameworks and standards such as ISO 27001, National Institute of Standards and Technology (NIST), System and Organization Controls (SOC), and Standardized Information Gathering (SIG) is required.
• AI Risk: Experience in Artificial Intelligence (AI) governance, security, and risk management is required.
• Technical Writing & Communication: Proven ability to produce clear, well-structured security documentation and communicate complex technical topics to varied audiences.
• Risk & Vendor Management Skills: Experience leading risk assessments, vendor security reviews, and client-facing security discussions with professionalism and tact.
• GRC Tools & Technologies: Familiarity with GRC platforms, role-based access controls, and a broad range of security technologies and tools.
• Analytical & Organizational Strength: Strong problem-solving, project management, and time management skills with the ability to work independently or collaboratively.
• Technical Acumen: Working knowledge of areas such as authentication, encryption, firewalls, SIEM, intrusion detection/prevention, vulnerability management, mobile security, and privileged access management.
• Collaboration & Professionalism: Client-focused mindset with strong interpersonal skills, attention to detail, and a commitment to maintaining accurate records and documentation.

Compensation


The base salary range below represents the low and high end of the salary range for this position in Chicago. This range may differ based on your geographic location and cost of living considerations. At Kirkland & Ellis, we consider compensation more than just a base salary. We offer an exceptional range of flexible benefits including comprehensive healthcare, paid time off, and retirement. We also offer personal support and tailored learning and development opportunities all designed to help you realize your full potential both in life and at work.

Compensation Range:

Chicago: $116,000 - $144,000


How to Apply


Thank you for your interest in Kirkland & Ellis LLP. To complete an application and submit your resume, please click "Apply Now."

Don't meet every job requirement? That's okay! If you're excited about this role but your experience doesn't perfectly fit every qualification, we encourage you to apply anyway. You may be just the right person for this role or others at Kirkland.


Equal Employment Opportunity


All employment decisions, including the recruiting, hiring, placement, training availability, promotion, compensation, evaluation, disciplinary actions, and termination of employment (if necessary) are made without regard to the employee's race, color, creed, religion, sex, pregnancy or childbirth, personal appearance, family responsibilities, sexual orientation or preference, gender identity, political affiliation, source of income, place of residence, national or ethnic origin, ancestry, age, marital status, military veteran status, unfavorable discharge from military service, physical or mental disability, or on any other basis prohibited by applicable law. #LI-Hybrid #LI-AR1