Director of IT Security & Risk Management

Dechert, Philadelphia, PA
Onsite

About The Position

The Director of Information Security is responsible for leading the firm’s global information security program and advancing a comprehensive, risk-based security strategy aligned with the firm’s business objectives, client obligations, and regulatory requirements. Reporting to the Chief Information and AI Officer, this role provides strategic and operational leadership across cybersecurity governance, risk management, security operations, incident response, security architecture, awareness, compliance, and third-party security. This leader partners closely with firm leadership, business services, technology teams, legal and risk stakeholders, and external partners to safeguard the confidentiality, integrity, and availability of the firm’s information assets, systems, and services. This role ensures security is embedded across the enterprise while enabling the business, protecting client trust, and supporting resilience in a complex global threat and regulatory environment.

Requirements

  • Relevant BS / BA degree
  • 10+ years of experience in Information Security
  • 5+ years in a Security leadership role
  • Knowledge and experience with enterprise data centers, network technologies, virtualization, unified communications, and mobility
  • Experience and knowledge of common security standards and risk frameworks
  • Knowledge of enterprise architecture and security architecture
  • Understanding of common commercial development and database technologies
  • Experience in developing and managing a security governance program
  • Ability to operate independently and collaborate in teams to achieve desired outcomes
  • Self-motivated and highly productive
  • Strong written and verbal communication skills

Nice To Haves

  • Industry-recognized security certifications (CISSP, CISA, CISM)
  • Legal industry knowledge and/or awareness
  • Project management, budget and forecast experience

Responsibilities

  • Lead the firm’s global information security program and develop a forward-looking security strategy aligned with business priorities, client expectations, and enterprise risk tolerance.
  • Serve as a trusted advisor to the CIO and firm leadership on cyber risk, security posture, investment priorities, and emerging threats.
  • Establish and maintain an effective security operating model that supports both day-to-day protection and long-term program maturity.
  • Manage the information security budget, resource planning, and program roadmap.
  • Design and maintain a cybersecurity governance framework, including appropriate steering committees, reporting structures, and decision-making forums.
  • Develop, implement, and maintain security policies, standards, procedures, and guidelines across the firm.
  • Create and manage a unified, risk-based control framework that supports legal, regulatory, contractual, and client-driven requirements across jurisdictions.
  • Partner with stakeholders across IT, General Counsel, Privacy, Procurement, and Business Continuity to ensure alignment and consistent application of security controls.
  • Support firm-wide risk assessments and advise leaders on risk mitigation strategies within the firm’s risk appetite.
  • Oversee the firm’s ability to identify, detect, respond to, manage, and recover from cybersecurity incidents.
  • Lead the development, maintenance, and testing of incident response plans, playbooks, and procedures.
  • Monitor the external threat environment and advise stakeholders on relevant threats, vulnerabilities, and mitigation actions.
  • Help ensure business-critical services are resilient and recoverable in the event of a security incident.
  • Partner with technology teams to ensure security controls are effective across infrastructure, cloud platforms, applications, networks, endpoints, identity, and data.
  • Ensure security is embedded into projects, system implementations, operational processes, and technology change initiatives.
  • Evaluate and implement modern security technologies and practices to strengthen the firm’s capabilities and improve operational maturity.
  • Help establish standards and baseline controls across the firm’s technology environment.
  • Support development and maintenance of asset inventories, including cloud services, third-party hosted systems, and critical information assets.
  • Partner with Procurement and General Counsel to ensure appropriate information security and data protection provisions are included in vendor and third-party contracts.
  • Support responses to client security assessments, outside counsel guidelines, audits, RFPs, and security due diligence requests.
  • Help define and maintain the standards, controls, and assurance practices necessary to meet firm and client expectations.
  • Build and maintain relationships with external peers, partners, vendors, and industry groups to stay informed on trends, incidents, and best practices.
  • Lead the firm’s security awareness and training program for employees, contractors, and approved system users.
  • Establish meaningful security metrics and reporting to measure effectiveness, identify trends, and support decision-making.
  • Recruit, develop, and retain a high-performing and diverse team of information security professionals.
  • Foster a strong culture of accountability, collaboration, and continuous improvement across the security function and broader organization.