Director, Information Security

Director, Information Security

Director, Information Security

Category

IT/HelpDesk/Tech

Location

New York, New York

Employment Type

Permanent

Salary

$227600 - $284500



Job Description:

About The Role

  • Manages Information Security staff, including scheduling, performance evaluation, salary recommendation and related personnel actions.
  • Identifies areas of risk to firm, client and private information and leads risk assessments to determine appropriate remediation, serving as a liaison to General Counsel in this regard.
  • Works directly with firm clients to address information security concerns and complete written and in-house security audits, negotiating and implementing requested security training and technical measures.
  • Works with the business to review Outside Counsel Guidelines and Requests for Proposal, confirming the firm’s ability to meet requirements and requesting changes as warranted.
  • Directs firm activities and resources to achieve and maintain compliance with information security standards such as state and federal privacy laws, ISO 27002/1, and General Data Protection Regulation.
  • Leads and coordinates the firm’s operational response to information security incidents that threaten firm, client and private information, directing forensics and organizing communications. Identifies  and reports on information security incidents to firm management.
  • Approves changes to firm systems, applications and policies that may affect the security of firm, client and private information. Serves as the internal auditor for information security processes.
  • Works closely with senior leaders, line-of-business managers, the IT organization, and others to establish an effective security governance framework, support the delegation of authority, manage budgets, ensure effective enterprise risk management and support the establishment of measurable controls.
  • Serves as an internal information security consultant to the Department and Firm. Advises the department with current information about information security technologies and related regulatory issues.
  • Develops a strategic vision for the security program; organizes resources for effective security policies, practices and processes; and develops an annual security plan. Identifies enterprise systems, processes, and information resources that require security protections.
  • Identifies areas where existing security architecture requires change or development.   Ensures local security standards align with international and national standards.   Stays up to date with Security (legal requirements, policy and technology) developments in the commercial world and especially in the area of the law so that the firm remains at the forefront of any security related developments affecting the firm and the firm’s clients.
  • Monitors multiple logs across diverse platforms to uncover specific activities as they occur from platform to platform.   Analyzes security analysis reports for security vulnerabilities and recommends feasible and appropriate options.   Reports on significant trends and vulnerabilities.
  • Develops, maintains, publishes, and communicates enterprise-wide security standards, procedures and guidelines. Ensures that adherence to those standards is monitored and enforced.
  • Oversees the security infrastructure; for example identity and access management, firewalls, antivirus and intrusion detection system/intrusion prevention system. Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained. Monitors the security infrastructure for policy violations or security events, conducts security engineering, assists with resolution of escalated incidents and participates in problem management activities.
  • Improves security awareness and instills a risk-aware culture in the organization, ensuring that personnel fully understand the risk implications of their IT assets.
  • Measures and reports on the effectiveness and efficiency of security activities and capabilities. Manages, monitors, and matures security processes (for example, identity and access management; and threat and vulnerability management).
  • Oversees IT security within the system development lifecycle, change management, production systems support and technology-enabled projects (user administration, security logging, secure process flow, security best practices).
  • Develops and leads information security projects, adhering to budgets, project plans, and business objectives.
  • Negotiates security-related software licensing and support agreements.
  • Oversees security reviews of potential new firm technology tools as part of the broader due diligence process.  
  • Assumes additional responsibilities as assigned.

 

Job Requirements:

  • Strategic thinking and planning abilities required.
  • Analytical thinking:
    • Able to breakdown raw information and undefined problems into specific, workable components that in-turn clearly identify the issues at hand.  
    • Makes logical conclusions, anticipates obstacles and considers different approaches that are relevant to the decision making process.
  • Demonstrated team player with ability to effectively meet challenges, influence and drive consensus within the team.
  • Enterprise business knowledge:
    • Solicits information on enterprise direction, goals and industry competitive environment to determine how own function can add value to the organization and to customers.
    • Makes decisions and recommendations clearly linked to the organization's strategy and financial goals, reflecting an awareness of external dynamics.
  • Risk management:
    • Identifies risks and obstacles to plans. Defines scarcity and conflicts of resource needs, and potential constraints.
    • Investigates risks within various project elements, assesses impact, and develops contingency plans to address major risks.
  • Deep knowledge of security issues, techniques, and implications across all existing computer platforms required
  • Deep knowledge of networking, databases and systems operations is required
  • Proven leadership skills are required.
  • Collaboration and influence skills are required.
  • Proven interpersonal and communication skills. Strong ability to communicate clearly and succinctly with firm leadership, lawyers and business professionals, as well as external clients.
  • Demonstrated  ability to prioritize tasks and effectively manage multiple responsibilities in a dynamic environment.
  • Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.  
  • Strong work ethic; excellent use of discretion and judgment.  
  • Excellent written communication skills.  
  • Ability to work under pressure and multi-task on various assignments; Detail orientation is a must.

Required Experience

Education

  • Bachelor's Degree in Computer Science, Cybersecurity, Management or related work experience.  
  • CISSP or other major security certification preferred.

 

Experience:

  • Minimum of 10 years’ work experience managing information security in a large and complex environment; or other equivalent combination of education and experience that provides the required knowledge and skills.
  • Strong experience managing an Information Security team, to include demonstrated experience communicating with senior stakeholders.