Wilmer Cutler Pickering Hale and Dorr LLP
Posted 2 months ago
$136,480 - $170,600/Yr
Full-time • Mid Level
Washington, DC
Professional, Scientific, and Technical Services

About the position

The Cyber Security Program Lead oversees information security-related initiatives and projects, focusing predominantly on cyber compliance. Supports the firm's ISO 27001 security effort, ensuring key requirements are met and improvements made. Leads the firm's third-party risk management program and vulnerability management program. Ensures accurate completion of client and internal cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs). Works across groups within Information Services to implement security-related projects and procedures, confirms proper operation of security infrastructure and ensures proper incident response. Provides expertise and guidance on risk-based decisions, the integrity of security procedures, systems, and policies in the design of new applications and services. Authorized to approve new applications and services and exceptions to firm policy, in coordination with the Director, Information Security.

Responsibilities

  • Approves risk decisions and exceptions to firm policy in coordination with the Director-Information Security.
  • Supervises the Cyber Security Compliance Analyst position, supporting completion of information security risk assessments, daily/weekly/monthly/quarterly auditing of information security processes, creation of metrics, and ongoing vulnerability management.
  • Oversees and participates in the completion and hosting of both firm and internal ISO 27001 security audits.
  • Oversees the completion of client cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs).
  • Supports IS security within the system development lifecycle including production acceptance, change management, user administration, security logging, secure process flow, and security best practices.
  • Manages the firm's application security review process, ensuring new services are properly vetted.
  • Monitors ongoing security incident response procedures to ensure proper identification and prioritization of incidents.
  • Leads information security projects that enhance security protections to enterprise systems, processes, and information resources.
  • Assists with proactively supporting client service and ensures that staff members are providing quality service to internal members of the Firm as well as external clients and vendors.
  • Assumes additional responsibilities as assigned.

Requirements

  • Hands-on experience with the installation and support of computing platforms and applications, including selection, design and support of cyber security tools.
  • Strong experience with one or more major cyber security compliance frameworks (NIST, ISO 27001, etc.).
  • Knowledge of security issues, techniques, and implications across all existing computer platforms required.
  • Knowledge in networking, databases and systems operations is required.
  • Strong work ethic; excellent use of discretion and judgment.
  • Excellent written and verbal communication skills.
  • Strategic thinking and planning abilities required.
  • Analytical thinking.
  • Able to break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.
  • Makes logical conclusions, anticipates obstacles and considers different approaches that are relevant to the decision-making process.
  • Effectively meet challenges, influence and drive consensus within the team.
  • Proven interpersonal and communication skills.
  • Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.

Nice-to-haves

  • Security Certification (CISSP, CRISC, etc.) or equivalent strongly preferred.

Benefits

  • Equal opportunity employer.
  • Reasonable accommodations for qualified individuals with disabilities.