Manager Information Security CISSP
Published: March 9, 2023
- Reporting to the Firm’s Director – Information Technology and working with other IT teams and Firm leadership, the Manager will develop and maintain information security policies, procedures and standards and advise the various departments and practice groups in adhering to them.
- Provides expert opinions on existing technical threats and advises on how to mitigate them or accept them as tolerable risks.
- Oversees vulnerability scanning and remediation programs.
- Oversees and/or assists in performing ongoing security monitoring and threat avoidance analyses.
- Manages relationships with security managed service providers and continuously develops their capabilities.
- Analyzes new systems (hardware and software) and provides recommendations concerning their security.
- Coordinates the development of an ongoing information security awareness program to ensure that employees are aware of threats and how to help ensure privacy of Firm data.
- Provides the responses to client security audits/questionnaires/RFPs.
- Provides management with up-to-date information on the different threats and security vulnerabilities that the organization may face.
- Maintains appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and/or transmitted client data and to reasonably protect against anticipated threats and hazards.
- Ensures compliance through adequate training programs and oversight of periodic internal and 3rd party security audits. Assesses audit results and partners with staff to create pragmatic action plans. Monitors execution and completion of action plans.
- Provides technical guidance and training to information owners and designs and implements programs for user awareness, compliance monitoring and security compliance.
- Develops and maintains an ongoing risk assessment program targeting information security and privacy matters.
- Partners with Information Technology managers to develop and maintain best practices and policies for security of all internal systems.
- Actively participates in Information Security and serves as the Information Technology owner for incident response, acting as the primary Information Technology contact for incident responses.
- Performs other work-related duties as assigned.
Skills and Requirements:
- Bachelor’s degree or equivalent with at least 4 years of security-related experience.
- 8+ years of experience working in an information security related field.
- 2+ years of experience managing a team of technical security engineers.
- Must have 1 or more of the following certifications: CISSP, CISM, CEH, CIPP; matriculating candidates considered.
- Strong knowledge of security implications involving Microsoft, Cisco, Unix/Linux and other market leaders in technology solutions, including mobile devices.
- Solid understanding of various security frameworks (ISO 27001, NIST).
- Working knowledge of EDR, Vulnerability Scanning, Firewall, Proxy, SIEM and other security-related technologies.
- Excellent listening skills and written and oral communication skills, including effective presentation skills.
- Ability to relate to non-technical users in user-friendly language.
- Ability to understand technical implications of security threats.
- Ability to manage multiple concurrent objectives or activities and effectively make judgments in prioritizing and time allocation in a high-pressure environment.
- Ability to gauge one’s strengths and limitations.
- Ability to deal with changes and adapt to a changing environment.
- Must demonstrate the ability to maintain strict confidentiality of the Firm's internal and personnel affairs.
- Ability to work well with others, harness different skills and experience and build a strong sense of team spirit.
- Highly self-motivated and directed.
- Ability to work in a multi-office environment and willingness to travel to other offices as required.
- Experience working in a law firm or professional services firm environment preferred.