Director of Information Security

Manatt Phelps & Phillips
Tampa, NY
Hybrid

About The Position

Manatt, Phelps & Phillips LLP is seeking a strategic and operationally adept Director of Information Security to lead and mature the firm's information security program. This is a critical leadership role at a pivotal moment as Manatt accelerates its cloud transformation, expands its AI capabilities, and evolves its enterprise technology infrastructure. Reporting directly to the Chief Information Officer, the Director of Information Security will serve as the firm's senior security leader, responsible for protecting client data, firm assets, and regulated information — including PHI — across Manatt's legal, business consulting, and healthcare advisory practices. This individual will own the strategy, governance, and execution of the firm's information security program across all domains: risk and compliance, security architecture, incident response, and security operations.

Requirements

  • Bachelor’s or Master’s degree in Computer Science, Information Systems, Data Management, or related field.
  • 10+ years of progressive information security experience, with at least 3 years in a senior leadership role.
  • Demonstrated experience leading enterprise security programs in a professional services, legal, consulting, or similarly regulated environment.
  • Deep knowledge of security frameworks and standards including NIST CSF, CIS Controls, ISO 27001, SOC 2, and HIPAA security rule requirements.
  • Hands-on experience with Microsoft Azure security architecture, including Defender for Cloud, Entra ID (Azure AD), Sentinel, and related tooling.
  • Strong understanding of endpoint, network, identity, and cloud security domains.
  • Proven ability to communicate complex security topics to non-technical executive and board-level audiences.
  • Experience managing and responding to cybersecurity incidents, including coordination with legal counsel and regulatory notification obligations.
  • Bachelor's degree in Computer Science, Information Systems, or related field — or equivalent professional experience.

Nice To Haves

  • CISSP, CISM, or equivalent advanced security certification strongly preferred.
  • Experience in law firm or Big 4 / professional services security environments.
  • Familiarity with legal technology platforms, matter management systems, and document management systems (e.g., iManage, NetDocuments).
  • Experience with AI/LLM security governance, including evaluation of legal AI tools and data residency controls.

Responsibilities

  • Develop, maintain, and execute a firm-wide information security strategy aligned to Manatt's business objectives, growth agenda, and risk appetite.
  • Serve as the primary security advisor to the CIO, COO, executive leadership, and firm governance bodies; present security posture and program updates to senior stakeholders and the board as required.
  • Build and lead a high-performing information security team, including hiring, mentoring, and professional development.
  • Define and manage the information security program budget, balancing investment in tooling, staffing, and managed services.
  • Own the firm's information security risk management program, including risk assessment, treatment, and continuous monitoring.
  • Ensure compliance with applicable legal and regulatory frameworks including HIPAA/HITECH, state privacy laws, ABA cybersecurity guidelines, and client security requirements.
  • Lead responses to client security questionnaires, RFPs, and third-party audits; serve as the primary security point of contact for client due diligence inquiries.
  • Oversee vendor and third-party risk management, including security assessments of key technology partners and service providers.
  • Provide security leadership and oversight for the firm's cloud transformation and data center migration initiatives, including Azure cloud security architecture and governance.
  • Establish and enforce security standards and controls aligned to CIS Benchmarks and industry best practices across endpoint, network, cloud, and application layers.
  • Partner with IT and engineering teams to embed security into the system development lifecycle, AI/LLM adoption initiatives, and enterprise technology deployments.
  • Oversee the implementation and management of security tooling including endpoint protection, SIEM/SOAR, identity and access management, DLP, and vulnerability management.
  • Lead the firm's security operations function, ensuring 24/7 threat monitoring, detection, and response capabilities.
  • Own the incident response program, including playbooks, tabletop exercises, and coordination with legal, HR, and executive leadership during security events.
  • Manage relationships with external security partners, MSSPs, and legal counsel in connection with security incidents and breach notification obligations.
  • Oversee vulnerability and patch management programs in coordination with IT operations.
  • Advise on and govern the secure adoption of AI and generative AI tools, including LLM-based legal technology platforms, ensuring appropriate data handling, access controls, and residency requirements.
  • Stay abreast of the evolving threat landscape as it pertains to professional services, legal, and healthcare-adjacent industries; translate threat intelligence into actionable program improvements.
  • Lead the firm's security awareness and training program, fostering a security-conscious culture across attorneys, business professionals, and leadership.
  • Partner with HR and firm management to communicate policies and expectations around acceptable use, data handling, and security hygiene.

Benefits

  • A full range of medical, financial and/or other benefits dependent on the position will also be offered.