Information Security Manager

Axinn Veltrop & Harkrider LLP•Washington, DC

15h•$160,000 - $175,000•Hybrid

About The Position

Incisive. Inclusive. Invested. We’re Axinn. Experienced, tenacious, and always trial-ready, we are committed to understanding complex legal challenges that impact the future of our clients' businesses, globally. Focusing on antitrust, intellectual property, and high-stakes litigation, our extensive teams in the U.S. possess deep knowledge and client-side experience across a range of sectors, including technology, healthcare, life sciences, and consumer products. At Axinn, inclusivity is central to who we are. We have a purpose that goes beyond profit, which includes fostering a fair, welcoming workplace and supporting the communities where we live and work. We actively recognize talent and promote opportunities for all team members. By embracing the unique experiences and perspectives of our people, we fuel creativity and deliver results for our clients. The Firm’s Manager of Information Security is responsible for developing, implementing, and maintaining a comprehensive information security program to protect the firm’s data, systems, and client information. This role ensures the confidentiality, integrity, and availability of all information assets across the firm’s technology and operational infrastructure. The position involves close collaboration with IT leadership, legal professionals, and firm management to maintain compliance with client, regulatory, and industry standards. The position will serve as a strategic advisor to leadership, a hands-on technical manager, and a mentor to security staff, ensuring the Firm’s success in a highly evolving threat landscape.

Requirements

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field required (advanced degrees are preferred)
Minimum 7–10 years of progressive IT and information security experience, with at least 3 years in a leadership role
Proven expertise with security frameworks and standards such as NIST, ISO 27001, and HIPAA
Strong understanding of law firm technology environments, including document management systems, practice management tools, cloud-based platforms, and eDiscovery systems
Demonstrated ability to lead incident response, risk management, and compliance efforts
Excellent interpersonal and communication skills, both verbal and written, with experience presenting complex security topics to senior leadership and non-technical stakeholders
Effective time management skills, with the ability to handle a variety of tasks simultaneously and manage multiple projects while prioritizing assignments
Ability to build rapport with attorneys, professional staff, and vendors
Self-motivated, with the ability to work independently but within a team environment
Exceptional critical thinking and problem-solving skills, along with the demonstrated ability to be a change/thought leader within the organization

Nice To Haves

CISSP, CISM, CISA, GIAC, COMPTia Security+, GISO, certifications are a plus
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field required (advanced degrees are preferred)

Responsibilities

Develop and maintain the firm’s information security policies, standards, and procedures.
Develop, implement, and maintain a comprehensive information security program that aligns with the firm’s strategic objectives and client confidentiality obligations
Establish metrics to monitor program effectiveness and present updates to Firm leadership
Assess and manage cybersecurity risks; conduct vulnerability assessments and penetration testing
Lead incident response efforts, including investigation, remediation, and reporting
Develop playbooks and run regular tabletop exercises to ensure readiness
Ensure compliance with NIST, ISO, HIPAA, and client confidentiality obligations
Oversee (develop and maintain) security policies, procedures, training, and awareness programs for attorneys and staff
Manage security tools (firewalls, endpoint protection, SIEM, IAM, etc.)
Collaborate with IT, Legal, and Compliance teams on security integration, vendor oversight, and cloud management
Conduct regular risk assessments and vulnerability testing; manage mitigation and remediation efforts while presenting findings and reports to leadership
Manage and mentor security staff
Other duties as assigned.

Benefits

Competitive starting pay and annual discretionary bonus and raise eligibility
Generous paid time off benefits (vacation, personal days, holidays, and sick leave)
Firm paid short and long-term disability, plus life and accident insurance
401(k) Profit Sharing Plan and Cash Balance Retirement Plan with generous employer contributions (please ask for further details re: eligibility requirements)
Comprehensive medical, dental, and vision insurance options
Flexible spending and health savings accounts (medical plan dependent)
Firm paid comprehensive Employee Assistance Program (EAP)
Student loan refinancing discounts
Lifestyle reimbursement program
Hybrid remote work schedules are available for most employees (per current policy, in-office presence is required at least 3-days per week and fully remote roles are not available)