Client & Vendor Risk Manager

Baker BottsHouston, TX
Remote

About The Position

The Information Security Client & Vendor Risk Manager leads the firm’s client due diligence program and oversees all information security vetting for third party vendors across the firm. This role requires deep expertise in security frameworks, strong risk‑assessment judgment, and the ability to influence senior stakeholders, including internal stakeholders, and client security teams. The Manager acts as a key liaison between the firm’s clients, internal leadership, IT Security, Procurement, and Risk Management, ensuring the firm meets the heightened expectations of our clients.

Requirements

  • 6+ years of experience in information security, vendor risk management, compliance, or legal‑industry operations, ideally within an Am Law 200 firm or similarly regulated environment.
  • Deep understanding of security frameworks and standards (SOC 2, ISO 27001, NIST CSF, HIPAA, GLBA, state privacy laws).
  • Experience conducting or leading vendor‑risk assessments for enterprise‑level technology providers.
  • Strong communication skills, including the ability to brief partners, respond to client security teams, and translate technical concepts for non‑technical audiences.
  • Demonstrated ability to work independently, manage sensitive information, and lead cross‑functional initiatives in a high‑pressure environment.
  • Professional certifications such as CTPRA, ISO 27001 Lead Implementer or Lead Auditor and CISSP, CISM, CRISC, or CISA required.
  • Experience with legal‑industry technologies (DMS, e‑discovery platforms, cloud‑based practice‑management tools) is a plus.

Nice To Haves

  • Experience with legal‑industry technologies (DMS, e‑discovery platforms, cloud‑based practice‑management tools)

Responsibilities

  • Own and mature the firm‑wide client and vendor due‑diligence program, ensuring consistency, accuracy, and alignment with the firm’s security posture and regulatory obligations.
  • Serve as the firm’s subject‑matter expert on information‑security controls, certifications, and risk posture during client audits, RFPs, and reviews or client engagement terms.
  • Lead complex vendor‑risk assessments for high‑impact technology and service providers, including review of SOC 2 reports, ISO 27001 certifications, penetration‑test results, cloud‑security controls, data‑protection, privacy, and retention practices.
  • Develop and maintain the firm’s vendor‑risk management framework, including risk‑scoring methodologies, onboarding workflows, and continuous‑monitoring processes.
  • Partner with Procurement, IT, and Office of General Counsel to evaluate vendor contracts, negotiate security requirements, and recommend risk‑mitigation strategies.
  • Prepare the firm for client audits and regulatory reviews, coordinating evidence collection, documentation, and SME participation across multiple departments.
  • Represent the firm in client‑facing security discussions, including responding to escalated inquiries from corporate counsel, privacy officers, and client security teams.
  • Monitor emerging risks and regulatory developments relevant to the legal industry (e.g., SEC cybersecurity rules, state privacy laws, international data‑transfer requirements).
  • Mentor junior analysts and contribute to the professional development of the broader Risk and Compliance team.
  • Drive continuous improvement, identifying opportunities to streamline due‑diligence workflows, enhance tracking and remediation of client-identified risks, and strengthen the firm’s security posture.
  • Provide management with periodic reports & briefings on evolving topics within their area of responsibility.
  • Other related projects and duties as assigned by the Director of Information Security.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service