Director - IT Operations and Security

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Systems, or related field.
• At least 10 years of experience in IT operations and security, with at least 5 years in a leadership role.
• Strong technical skills across a range of hardware, software, and networking technologies.
• Deep knowledge of enterprise-level security practices, including security frameworks such as ISO 27001/27701, NIST, or SOC 2.
• Excellent communication skills, both written and verbal, with the ability to communicate complex technical concepts to non-technical stakeholders.
• Strong leadership skills, with the ability to inspire and motivate a team to achieve goals and objectives.
• Knowledge of regulatory requirements and industry best practices related to IT operations and security.
• Strong problem-solving skills, with the ability to think creatively and strategically to solve complex technical issues.
• Strong project management skills, with the ability to lead projects from inception to completion on time and within budget.
• Experience with incident response and threat detection, including the ability to develop and execute security incident response plans.

Nice To Haves

• A master's degree is preferred.
• Experience in a law firm or other professional services environment is preferred.
• Relevant industry certifications, such as CISSP, CISM, or CISA, are preferred.

Responsibilities

• Lead the IT Security, Infrastructure, and Operations teams, setting strategic direction and operational priorities.
• Collaborate with department and firm leadership to align IT infrastructure, security, and IT service strategies with business objectives.
• Regularly communicate with stakeholders to provide updates on IT initiatives, gather feedback, and ensure alignment with business objectives.
• Develop and implement IT policies and procedures, ensuring compliance with industry best practices and regulatory requirements, including data privacy and security regulations.
• Manage the IT budget, forecasting and tracking expenses, and making recommendations for cost savings. Own budgetary planning and execution in areas of responsibility.
• Provide leadership, guidance, and mentoring to staff, promoting a culture of continuous improvement and professional development.
• Stay current with emerging technologies and industry trends and make recommendations for how the firm can leverage these to gain a competitive advantage.
• Co-own the IT innovation program and help drive awareness and adoption of existing solutions as well as identification and vetting of new use-cases.
• Lead the firm's security efforts, including the development, implementation, and maintenance of security protocols and practices across all aspects of the firm's technology infrastructure.
• Own the enterprise security strategy/roadmap, with measurable objectives and KPIs (e.g., risk reduction, control maturity).
• Conduct risk assessments and vulnerability analyses (e.g. penetration testing and RBRA), responding proactively to emerging threats and incidents.
• Maintain and mature a risk management program (risk register, treatment plans, exception process).
• Maintain ISO27001 and ISO27701 certifications. Identify value-add opportunities to expand GRC certifications.
• Oversee the organizational security awareness program.
• Work with the Office of General Counsel and Manager – Information Security to respond to client audits and to address client-driven and other internal and external security and compliance requirements.
• Own the hybrid cloud/core infrastructure strategy and target architecture; prioritize modernization (IaC, observability, SRE practices) and tech debt reduction.
• Develop and implement disaster recovery and business continuity plans to ensure the availability of critical systems and data in the event of an outage or other disruption.
• Define service strategies and quality targets for network, compute/storage/virtualization, identity/SSO, and UC; align with Collaboration and Security.
• Own enterprise collaboration platforms (e.g., Microsoft 365/Teams, SharePoint/OneDrive) and unified communications/telephony, including roadmap, reliability, and adoption.
• Oversee meeting room/AV ecosystems (hardware standards, room profiles, monitoring, firmware lifecycles) and measure meeting/call quality (MOS, drop rates, latency).
• Evaluate and recommend new technologies and tools to enhance the firm's technology infrastructure, operations, and security posture.
• Set the endpoint strategy and multi‑year roadmap across Windows/macOS/mobile and any VDI, approving standards, hardening baselines, and device governance.
• Define Digital Employee Experience (DEX) objectives and KPIs; review telemetry regularly and sponsor cross‑team remediation initiatives.
• Oversee the day-to-day operations of the IT department, ensuring that all systems and services are operating efficiently and securely.
• Drive continuous operational improvement and implement automation strategies to enhance overall efficiency and effectiveness of IT operations.
• Cultivate and sustain strong vendor relationships, overseeing contract negotiation, performance management, and ensuring vendors meet agreed-upon service levels.

Benefits

• Hybrid Schedule
• Medical Insurance
• Dental Insurance
• Vision Insurance
• 401K Program
• Retirement Savings Program
• Generous Paid Time Off
• Paid Holidays including a floating holiday
• WorkWell wellness program
• Free use of building gym
• Caregiving assistance with Bright Horizons (child, elder, and pet care!)
• Firm-wide emergency assistance fund
• Free full access to LinkedIn Learning