Enterprise Security Compliance Manager

About The Position

Requirements

• A bachelor's degree or diploma of higher education; equivalent experience in Security and Technology may be considered in lieu of a degree
• A minimum of five (5) years of experience in information security
• A minimum of ten (10) years of experience working in information technology
• A minimum of two (2) years of experience applying project management concepts
• Exhibit well-developed and professional interpersonal skills and the ability to interact effectively with clients, vendors, and colleagues at all organizational levels
• Demonstrate strong communication skills, both written and verbal
• Possess strong analytical skills, including effectively defining problems and identifying solutions

Nice To Haves

• A bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field, preferably
• A recognized security certification, preferably
• Experience working in a law practice office, preferably

Responsibilities

• Organizing and conducting meetings of the firm’s Third Party Access Security Review Team, coordinating the assessment of vendors, and leveraging team members’ expertise in the vendor review process
• Arranging third-party penetration tests and vulnerability testing by identifying and negotiating with vendors, scheduling testing, and following up on results delivery
• Reviewing firm contracts as part of the firm’s contract review process to assess and recommend adjustments that serve to minimize security risk in firm agreements
• Supporting the client security review process on an overflow basis, from Intake through Closure, by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
• In coordination with the Information Security Officer, evaluating the results of internal and external system vulnerability scans, and arranging necessary internal follow-up to facilitate agreement regarding any recommended remediation items
• Tracking agreed security remediation efforts from vulnerability tests, etc., and with the support of the Information Security Office and others, ensuring successful disposition of each item
• Working to enhance the confidentiality, integrity, and availability of data at the firm, regardless of form
• Maintaining information security documentation and assisting in the development of security policies and procedures
• Serving as subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security) and promotes a culture of security throughout the firm
• Protecting and maintaining any highly sensitive, confidential, privileged, financial, and/or proprietary information that Latham & Watkins retains

Benefits

• Healthcare, life and disability insurance
• A generous 401k plan
• At least 11 paid holidays per year, and a PTO program that accrues 23 days during the first year of employment and grows with tenure
• Well-being programs (e.g. mental health services, mindfulness and resiliency, medical resources, well-being events, and more)
• Professional development programs
• Employee discounts
• Affinity groups, networks, and coalitions for lawyers and staff