Information Security Director (ISD)

Redgrave LLP, Chantilly, VA
$195,000 - $240,000, Remote

About The Position

Redgrave LLP is seeking an Information Security Director to lead, mature, and scale a comprehensive, enterprise-wide information security program. This is an executive ownership role working at the intersection of legal technology, client trust, and emerging AI adoption. The ISD serves as the Firm's principal authority on cybersecurity, AI governance, data protection, and enterprise risk management — accountable for ensuring the confidentiality, integrity, and availability of Firm and client data across all systems, platforms, and emerging technologies. This is a remote position with regular collaboration across time zones.

Requirements

  • 10+ years of progressive experience in information security, including leadership and program ownership roles
  • CISSP (required); CISM or equivalent considered
  • Demonstrated experience leading or scaling a security program; law firm or professional services preferred
  • Strong experience with cloud security, vendor risk, and compliance frameworks
  • Experience with SOC 2 programs and enterprise security tooling in Microsoft environments

Nice To Haves

  • Experience with AI governance frameworks and emerging technology risk
  • Experience leading ISO 27001 certification or gap analysis
  • Familiarity with legal industry technologies and client expectations
  • Experience in high-growth or rapidly scaling environments

Responsibilities

  • Define and execute a Firm-wide cybersecurity strategy aligned with NIST CSF, NIST AI RMF 1.0, ISO 27001, and SOC 2 frameworks
  • Own and continuously mature the Firm's Information Security Management System (ISMS)
  • Lead ISO 27001 gap analysis and establish a roadmap toward certification
  • Develop, maintain, and enforce security policies, standards, procedures, and governance structures
  • Define and track key risk indicators (KRIs), metrics, and reporting frameworks
  • Serve as the Firm's executive owner of AI security and governance
  • Design and implement a scalable AI governance framework, including acceptable use standards, risk-tiering criteria, and data handling controls
  • Evaluate AI tools, platforms, plugins, and agentic workflows prior to deployment
  • Monitor evolving AI risk vectors (e.g., prompt injection, data leakage, MCP connector trust boundaries)
  • Maintain and govern the Firm's AI System Inventory
  • Own the Firm's vendor risk management program, including intake, risk-tiering, assessment, and continuous monitoring
  • Evaluate SOC 2 reports, DPAs, security questionnaires, and subprocessor disclosures
  • Negotiate and maintain contractual security terms and data protection obligations with vendors
  • Respond to client-driven vendor due diligence requests from regulated industries
  • Own the Firm's SOC 2 Type II program, including control maintenance, evidence collection, and auditor engagement
  • Ensure alignment with ABA Formal Opinion 512, client contractual requirements, and applicable regulatory standards
  • Manage cyber insurance processes, including underwriting submissions and renewal strategy
  • Provide executive oversight of security architecture across Microsoft 365 and Azure
  • Oversee Defender for Endpoint, Entra ID, Microsoft Purview, Conditional Access, and Secure Score
  • Own and maintain the Firm's incident response program, including tabletop exercises and response coordination
  • Serve as the Firm's primary cybersecurity advisor to executive leadership and the Management Committee
  • Establish regular reporting on security posture, AI risk, vendor risk exposure, and program maturity
  • Direct and mentor the Information Security Analyst and develop organizational security capability

Benefits

  • Medical coverage
  • Dental coverage
  • Vision coverage
  • 401(k) plan
  • Additional benefits to help you prepare for retirement
  • Free access to Employee Assistance Programs
  • Other programs designed to help you and your family stay healthy, feel secure, and enjoy a positive work/life balance