
Information Security and Risk Analyst – Kansas City, MO, St. Louis, MO or Houston, TX

The IT Security and Risk Analyst is accountable for delivering information technology security solutions across the enterprise. The IT Security Analyst reports to the Information Technology Director. The role is responsible for monitoring, reporting, and alerting on cybersecurity and other technology-based risks to the firm. The IT Security Analyst will use data analysis and metrics to ensure the confidentiality, availability, integrity, and accountability of all firm IT systems. The IT Security Analyst will counsel IT Department leadership on risks, including threat analysis and vulnerability analysis. The position will coordinate with outside parties, including managed security operations centers (SOCs) and other security-based vendors. The IT Security Analyst will test vulnerability patches and certify updates for the firm before release to production systems.

*Only local candidates will be considered


  • Assess cybersecurity threats and vulnerabilities by several means, including intelligence services, forums, and security partners.
  • Coordinate with managed security operations centers (SOCs)
  • Administer firm security systems, including anti-virus, intrusion detection and prevention, and logs
  • Audit backup and disaster recovery systems
  • Using KPIs and metrics, assess and score the cybersecurity risk posture of the firm
  • Establish a defense-in-depth strategy for the firm
  • Establish appropriate service level agreements and ensure KPIs are met. Provide data and reporting of KPIs and trends to business leaders, department managers, and others ad hoc, weekly, monthly and as needed.
  • Help IT leadership assess capital investment parameters, priorities and risks for information security related IT initiatives to maximize the return on investment.
  • Execute on the IT Director’s vision, strategy, and roadmap.
  • Build strong relationships with IT teams and develop a detailed understanding of their issues, challenges and opportunities.
  • Foster a culture of innovation, transparency and accountability in IT.
  • Promote a “Firm-first” mentality at all levels of the IT organization.
  • Assist in incident response scenarios in identification, recovery, and forensics
  • Participate in the design and implementation of an enterprise-wide disaster recovery and business continuity plan.
  • Review and recommend industry developments in IT Security
  • Respond to requests from clients for Information Security Assessments and Audits
  • Participate in Internal Audits of firm IT systems
  • Represent the firm at relevant information security conferences, forums, and other events.


  • Experience working in security engineering and security operations.
  • Experience with Asset Management, Patch Management, and Vulnerability Management.
  • Experience with incident response and handling.
  • Experience with scripting (e.g. PowerShell) and a strong desire to learn new technology.
  • Experience with NIST and Insider Threat Frameworks.
  • Experience with Cloud Security (e.g. AWS, Azure, and Google Cloud).
  • Currently holds or is willing to earn security-related certificates (e.g. GIAC, CISSP, SSCP, Security+, Pentest+, and CySA+).
  • Willingness to travel to headquarters and remote offices.
  • Bachelor’s degree in Business, Enterprise Risk Management, Computer Science, Information Technology, or related area required. Master’s degree preferred.
  • A combination of technical certifications in Cybersecurity, Cloud Computing Security, Risk Management, Auditing, Information Technology Governance (ITIL) required.
  • Able to work collaboratively with diverse teams and individuals, understand and execute on an IT vision and strategy across all levels of the organization, and build consensus around key initiatives and projects.
  • A team player with proven ability to build trust with others through a commitment to the highest ethical and professional standards.
  • A tenacious drive and passion for achieving the goals of the IT department and the firm, all in the interest of serving the Firm’s clients.


  • This position is generally sedentary in nature; movement throughout the area is required from time to time. This is a noisy and busy environment without much privacy. Continuous communication with co-workers and supervisors is essential. Repetitive movements, occasional lifting of up to 10 pounds, reaching, lifting, stooping and the ability to read a computer screen, detect color coding and read fine print will be expected.
  • Ability to travel to other locations up to 20% of the time.

Please send resume to jobs@spencerfane.com.


The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required of personnel so classified.


  • Remote interview process
  • Personal protective equipment provided or required
  • Social distancing guidelines in place
  • Virtual meetings
  • Sanitizing, disinfecting, or cleaning procedures in place
  • Significant work from home support