Senior Information Security and Risk Analyst

(Atlanta, Full-time, Hybrid)

Fisher Phillips, a premier international labor and employment law firm, is seeking a skilled and experienced Senior Information Security and Risk Analyst to join our team. In this essential role, you will contribute to the seamless operation of our services, providing crucial support to our department in delivering exceptional client service and maintaining our commitment to excellence.

The Senior Information Security and Risk Analyst serves as a key leader within Fisher Phillips’ Information Security Team, responsible for safeguarding the confidentiality, integrity, and availability of cloud-based, on-premises, and internal Firm networks. This role provides strategic oversight of security monitoring and incident response activities, including the analysis and enrichment of security events through advanced contextual and threat intelligence. In addition to coordinating and guiding incident response efforts across stakeholders, the position plays a critical role in evaluating existing security processes, controls, and technologies to identify gaps, drive continuous improvement, and enhance the overall effectiveness and maturity of the Firm’s Information Security program.

Key Responsibilities

• Provide oversight and direction for the monitoring, interpretation, and assessment of security events generated by Firm security platforms, ensuring appropriate prioritization, escalation, and response to incidents.
• Conduct periodic, risk-focused reviews of the Firm’s information security posture, including access controls and permission models, and recommend enhancements to improve security governance and reduce risk.
• Establish and enforce access governance standards by overseeing investigations of unauthorized or inappropriate access, directing remediation actions, and ensuring violations are properly documented and reported.
• Oversee the investigation and analysis of security alerts from endpoint protection, network security, and monitoring systems, ensuring alerts are appropriately triaged and addressed in accordance with Firm standards.
• Provide senior-level oversight of email security incident response, including phishing and malware investigations, remediation actions, and identification of systemic control improvements.
• Provide administration and strategic oversight of Microsoft Defender for Office 365, including policy design, tuning, threat investigation workflows, and continuous optimization to reduce phishing, malware, and business email compromise risk.
• Analyze Microsoft Secure Score and related security posture metrics to identify gaps, prioritize risk-based improvements, and lead remediation initiatives that strengthen the Firm’s overall Microsoft 365 and Entra security posture.
• Maintain advanced knowledge of information security, risk management, and regulatory trends through ongoing professional development, industry engagement, and participation in relevant professional organizations.
• Serve as a key contributor to client-driven and regulatory security audits by overseeing the collection and validation of security control evidence and supporting responses to client data security assessments.

Requirements

• Bachelor’s degree in information security or a related field.
• Experience working with security frameworks (e.g., ISO 27001) required.

• Relevant cybersecurity certifications are preferred (e.g., CISSP, CISA, CISM).
• Experience managing Microsoft Defender for Office 365 - safe attachments, safe links, anti-phishing policies, spoof/intelligence protection, and threat hunting.
• Experience managing Security Email Gateways (Mimecast-preferred) - polices, mail flow, antispam/malware filters, reporting.
• Experience investigating and remediating email-based threats like phishing, business email compromise, ransomware, impersonation, and malware.
• Experience managing Endpoint Detection and Response platforms and performing alert triage, behavioral analysis, device isolation, threat hunting, remediation.
• Experience leading or contributing to full incident lifecycle - triage, containment, eradication, recovery.
• Experience with Security Information and Event Management (SIEM) concepts, threat intelligence, basic scripting, auditing, tuning.
• Ability to analyze, collect, and categorize vulnerabilities in information systems to guide decision making.
• Ability to organize, standardize, and manage detailed information while prioritizing multiple competing work efforts.
• Ability to work collaboratively and effectively across teams, exercise sound judgment, and confidently navigate conflict resolution while analyzing, appraising, and resolving complex procedural, organizational, and administrative challenges.

Preferred Skills

• Knowledge of incident response methodologies, cyber threats and vulnerabilities, adversarial tactics and techniques.
• Knowledge of cybersecurity, ethics and privacy principles, along with related regulatory requirements.
• Strong self-motivation with the ability to work independently and take initiative.
• Qualified applications with arrest or conviction records will be considered for employment

Why Join Us

At Fisher Phillips, we recognize that exceptional talent is the foundation of our success, enabling us to deliver outstanding service to both our internal and external clients. Joining our team means collaborating in a professional yet dynamic environment that leverages cutting-edge technology. Our leadership is committed to fostering your professional growth and providing opportunities to challenge yourself in meaningful ways.

We believe in rewarding talent with more than just a competitive salary. Our comprehensive benefits package includes health, dental, and vision insurance, a 401(k) with profit sharing, generous paid time off, and holidays.

Your well-being is our priority. We offer 24/7 telehealth services, a variety of wellness programs, and additional optional benefits designed to support your unique lifestyle. At Fisher Phillips, you’ll find a workplace that values your health, happiness, and continued professional development.

To learn more about our firm, visit us at www.fisherphillips.com.

Equal Opportunity Employer

Fisher Phillips is committed to providing equal employment opportunities to all employees and applicants, regardless of race, ethnicity, religion, sex (including related medical conditions), gender, sexual orientation, national origin, citizenship status, veteran status, marital status, pregnancy, age, disability, or any other protected status, in compliance with all applicable laws. The statements in this position description are not necessarily all-inclusive. Additional duties and responsibilities may be assigned, and requirements may vary from time to time. Relocation costs are not covered. We are only accepting direct applicants; third-party recruiters or agencies will not be considered. No phone inquiries, please.

As part of our initial screening process, we may use an AI tool to compare the skills and job titles from your resume with the job description, using machine learning or artificial intelligence based on their contextual meaning and relevancy. This is NOT an automated employment decision tool (‘AEDT’) and will not be used to make selection decisions. It is only used (occasionally) in addition to manual screening.