Join Dorsey s Information Security team as a GRC Information Security Systems Analyst to help safeguard our firm and clients by driving high-impact security initiatives across audits, risk, governance, and compliance. In this role, you ll lead and support client and pre-contract security assessments, organize and execute internal ISMS audits and management reviews, maintain current policies and controls aligned to ISO 27001 and other leading frameworks, and oversee authorization services and quarterly NetDocuments access reviews. You ll partner with stakeholders to deliver cybersecurity consulting projects, validate repeatable RBAC and entitlement processes, and ensure our DLP program meets client, ISO, and regulatory requirements to make a tangible difference in the resilience and trust our clients expect. Key Responsibilities Include: Support GRC Manager with the maintenance of Information Security documentation, supporting changes in the organization, technology, or threat landscape. Provide Information Security Program reporting related to metrics and dashboards for various Dorsey committees as requested by GRC Manager. Create and oversee the distribution of Bimonthly Information Security communications released Firm wide. Collaborate with Firm and Information Services process owners and stakeholders, internal and external assessors and auditors to execute and review risk assessments, internal and external surveillance audits resulting in the recertification (e.g., ISO 27001, GDPR). Document audit findings, remediation action plans and audit report responses. Consult with Information Services teams, Dorsey Business Teams and advise on Compliance requirements, and Information Security Standards and Controls. Collaborate with Information Services team stakeholders to implement processes that automate and continuously monitor Compliance-related, Information Security Standard controls, and approved exceptions. Assist GRC and Information Security management with ISMS continuous operation, monitoring, and improvement of the Information Security Management System (ISMS) by organizing and executing annual internal audits and management reviews. Maintain Compliance-related documentation, including policies, procedures, Statement of Applicability, are current and reflect any changes in the organization, technology, or threat landscape. Complete Client-generated pre- and post-contract security controls and risk review assessment, audits, in support of Dorsey client requests. Review and provide security input into Client RFP Responses. Support Marketing and Business Development teams with RFP response requests as they pertain to Information Security information. Perform Dorsey-requested pre-contract security controls and risk review of technology, software, and services. Maintain Dorsey SIG Questionnaire and ndMax AI chatbot, collaborating with key Information Services stakeholders for its currency. Assist GRC Manager with project-based risk assessments, interviewing, collecting data, and documenting risk. May be asked to present risk assessment results to Head of Cybersecurity and CIO for discussion and drive decision-making. Document risk decision in risk register if necessary. Maintain Firm Technology Risk Register, provide reporting and coordinate meetings with Information Services Leadership to discuss open risk items and remediation actions. Support GRC Manager in the creation of an annual Firm-wide Annual Security Awareness Training Program, Human Risk Initiative, with Phish Simulation Testing. Support the delivery of a focused 8-week training program for currently hired business professionals, New Hired business professionals training. Support the delivery of multi-month, Firm-wide Phish Simulation Testing. Prepare Human Risk reporting and update Human Risk Calculations and additional training assigned by GRC Manager. Execute the project-based enhancement of RBAC, Rights, Permissions, Groups, and Entitlement Definition and Clean-Up for Privileged Accounts (PIM), Service Accounts, and User Accounts, this position will support the ongoing Identity & Authorization Services Compliance Oversight process. Execute post-project oversight process will validate the defined, repeatable process being followed to ensure all user, privileged users, and service accounts maintain security to reduce risk of unauthorized access. Execute oversight process to ensure assurance is validated, repeatable processes are being followed to ensure all human and nonhuman accounts maintain security that reduce risk of unauthorized access and shrink attack surfaces. Perform the quarterly NetDocuments access review as assigned. Support the DLP Program Execution and Oversight to ensure the DLP controls meet Client, ISO, Information Governance, and Regulatory requirements. May perform other duties not listed above. Dorsey offers opportunities for advancement within a collaborative and dynamic environment, with competitive pay and excellent benefits. Our benefits are available to business professionals working 17+ hours/week along with their dependents, including spouses and domestic partners regardless of gender. Dorsey s benefit package includes: comprehensive medical insurance with coverage for infertility, gender-affirming care, behavioral health, and access to virtual providers; dental insurance; vision insurance; 401(k) retirement savings plan with Firm contribution; basic and optional life insurance; short and long-term disability; paid time off; up to 8 weeks of paid parental leave with up to an additional 6-8 weeks of paid short-term disability for business professionals who give birth; paid holidays; paid volunteer day; discretionary bonuses (if bonus eligible); adoption assistance; healthcare, dependent care, and transportation pre-tax reimbursement accounts; back-up child and elder care program; education and college advising program; virtual tutoring; wellbeing programs and activities; mass transit program (certain offices); travel assistance program; 24/7 employee assistance program with access to five confidential visits with a licensed counselor at no cost. (Some benefits are subject to eligibility criteria.) Reasonable Accommodations: Dorsey is committed to providing disability and religious-based reasonable accommodations, as well as menopause, pregnancy or lactation-related reasonable accommodations. If you require a reasonable accommodation during the application and hiring process, or if you have questions about a workplace reasonable accommodation, please contact us at 612-492-5178. Dorsey & Whitney LLP is an EEO/AAP/Disabled Vets Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, ancestry, sex, national origin, sexual orientation, gender identity, affectional preference, disability, age, marital status, familial status, status with regard to public assistance, military or veteran status, or any other legally-protected status. Dorsey & Whitney LLP participates in E-Verify. The pay range for this position in Minnesota only is an annual salary of $96,560 to $124,960. This range represents Dorsey s good faith estimate of likely compensation at the time of posting. Actual pay will be dependent upon a number of factors, including the candidate s experience, qualifications, skills and location and may fall outside of the range indicated. Dorsey estimates it will accept applications through May 13, 2026. Please note that Dorsey is not currently accepting search firm submissions in connection with this opening.
