The Director of Information Security reports to the Chief Information Officer (CIO) and is responsible for information security policy assessments, enforcing compliance with firm security policies and applicable law, vendor management and security incident management. Working with the firm’s Information Technology teams, including Network Operations, Customer Experience, Practice Services and Research, the Director of Information Security will help develop, manage, audit and enforce security related policies and procedures throughout the firm’s enterprise on premise and cloud systems.
REQUIRED KNOWLEDGE, SKILLS AND ABILITIES:
- Admin-level knowledge of Windows system administration and Active Directory.
- Knowledge of network security principals, best practices and industry standards.
- Knowledge of security models that maintain and enforce security policies.
- Expert understanding of cloud controls and environments, a strong foundation in IT solutions deployment and practical understanding of IT security compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices and associated tools in a cloud environment are critical.
- Experience with IT security, compliance, risk and privacy frameworks such as ISO 27001, NIST 800-53, HIPAA, GDPR, CCPA.
- Knowledge of security tools and concepts including: IDS/IPS; SIEM; Web Proxy; Encryption; Patch management; Vulnerability Scanning & Remediation; Forensics; Penetration Testing; DLP; Email Gateways; Anti-spam Services; MDM; Privileged Account Management; Log Analytics; Two Factor Authentication; Single Sign On.
- Individual must possess excellent communication and interpersonal skills with a high degree of empathy and emotional intelligence, be self-motivated with the ability to manage and prioritize multiple deliverables to meet deadlines and demonstrate proven success delivering results individually and as part of a team in a fast-paced, demanding, growth environment.
JOB COMPETENCIES / SUCCESS FACTORS:
- Client-service orientation
- Pro-active problem solving
- Strong communication skills
- Work ethic and teamwork
- Leadership skills
- Interpersonal skills
- 4+ years of experience working in an Information Security management role.
- CISSP certification
- Project management experience preferred
- Previous law firm experience highly desired