Information Security Analyst

Senior Information Security Analyst | Hybrid | Atlanta, GA | $120,000 - $125,000

Are you an experienced Information Security professional with deep Microsoft security expertise and a passion for protecting highly sensitive data? Do you thrive in environments where governance, risk, and compliance are just as critical as technical security operations? If you're looking to play a key role in safeguarding client confidentiality within a modern, technology-driven law firm, this Senior Information Security Analyst opportunity could be the perfect fit.

We are partnering with a leading law firm seeking a Senior Information Security Analyst to strengthen and mature its security posture across Microsoft-based technologies. This is a high-impact role where you’ll work across Governance, Risk & Compliance (GRC), Security Operations (SOC), and threat protection platforms, helping protect critical legal and client data.

• Security Operations (SOC): Monitor, investigate, and respond to security incidents across Microsoft 365, Azure, endpoints, and email platforms. Lead incident response activities, including containment, eradication, and recovery.
• Microsoft Security Platform Management: Administer and optimize Microsoft Defender (Endpoint, Office 365, Identity, Cloud Apps) to enhance threat detection, endpoint security, and identity protection.
• Email & Phishing Security: Manage and improve email security posture using Mimecast, including phishing simulations, threat intelligence, impersonation protection, and user awareness initiatives.
• Governance, Risk & Compliance (GRC): Conduct risk assessments, manage third-party/vendor risk reviews, maintain risk registers, and support compliance with legal industry standards and frameworks (e.g., ISO 27001, NIST CSF, Cyber Essentials).
• Policy & Controls Development: Develop, implement, and maintain security policies, standards, and procedures aligned to regulatory and client requirements.
• Threat Detection & Response: Investigate alerts, analyze logs (SIEM/Sentinel), perform root cause analysis, and document findings with clear remediation plans.
• Security Awareness & Training: Lead phishing campaigns and security awareness initiatives to reduce human risk and strengthen firm-wide cyber hygiene.
• Audit & Client Assurance Support: Support client security questionnaires, audits, and due diligence reviews, ensuring evidence and documentation are maintained.
• Continuous Improvement: Identify security gaps and proactively recommend enhancements across cloud, endpoint, identity, and email environments.

• 5+ years of experience in Information Security, with strong exposure to Microsoft-based environments.
• Hands‑on experience with Microsoft Defender suite (Endpoint, Office 365, Identity, Cloud Apps).
• Experience managing Mimecast (or equivalent secure email gateway) including anti‑phishing and impersonation controls.
• Proven experience in SOC operations and incident response.
• Strong knowledge of Governance, Risk & Compliance (GRC) processes and risk assessment methodologies.
• Experience with Microsoft 365 security & compliance features (DLP, Conditional Access, MFA, Purview).
• Familiarity with SIEM tools (e.g., Microsoft Sentinel) and log analysis.
• Understanding of security frameworks such as NIST CSF, ISO 27001, CIS Controls.
• Experience working in regulated environments (legal, financial services, or professional services preferred).
• Strong written and verbal communication skills, particularly in translating technical risk into business impact.
• Ability to operate independently in a fast-paced professional services environment.

• Certifications such as CISSP, CISM, CISA, or Microsoft Security certifications (SC‑200, SC‑300, SC‑100).
• Experience with Azure security architecture and identity governance.
• Knowledge of Data Loss Prevention (DLP) and Insider Risk Management.
• Experience supporting client audits and regulatory assessments.
• Exposure to vulnerability management and penetration testing coordination.
• Experience contributing to the development of a mature security roadmap and long-term strategy.

• Play a critical role protecting highly confidential legal and client data.
• Join a forward-thinking law firm investing heavily in Microsoft cloud security.
• Broad exposure across GRC, SOC, cloud security, and email threat protection.
• Opportunity to shape and mature the firm’s security framework.
• Collaborative, professional services environment with strong leadership support.

If you're ready to take ownership of security operations, risk management, and Microsoft security platforms within a respected law firm, press the Easy Apply button today!