Program Manager - Insider Risk & Physical Security
About The Position
The Program Manager for Insider Risk & Physical Security is a key member of Orrick’s security team, reporting to the Director of Threat Response Operations and collaborating daily with IT Security, Site Leadership, Site IT, HR, and Events. The role primarily focuses on security of the firm’s business operations and client information. Some travel to Orrick sites is required. The PM position must exercise discretion and independent judgment to identify, investigate, and mitigate physical or insider security risk as well as to develop security protocols and implement new practices across geographically dispersed sites.
Requirements
- 5 or more years in an insider threat or physical security role.
- Demonstrated experience maturing an insider risk or physical security program.
- Ability to build rapport and execute across cross-functional teams spanning 27 global sites.
- Demonstrated experience using security tools to detect and respond to threat.
- Ability to exercise discretion and confidentiality.
Nice To Haves
- Experience with Risk Assessments and/or Compliance a plus.
- Associate or bachelor’s degree in relevant field a plus.
- Industry certifications a plus.
Responsibilities
- Advance initiatives that support the firm’s insider risk and physical security program. Recommend and lead physical security and insider risk projects that reduce the firm’s risk.
- Design and build support for an end-to-end physical security program and end-to-end insider risk program, including strategy, roadmap, policy, and playbooks. Drive continuous maturity improvements that align with industry-recognized frameworks.
- Play the key role in organizing and executing cross-functional workstreams that may include workflows focused on leaver/joiner risk, privileged role risk, and traveler safety.
- Lead investigations of potential security incidents related to insider or physical threat. Personally draft and maintain clear documentation of investigations or incidents. Ensure follow-up on physical or insider risk investigations or incidents.
- Design and personally handle daily, weekly, monthly, and quarterly monitoring of key risk reporting systems and program KPIs. Lead quarterly all-site safety calls.
- Shape and use the insider risk technology stack for monitoring, case management, forensics, and analytics. Collaborate with engineers to design and operationalize detection capabilities of indicators of insider threat.
- Shape and use the physical security stack for monitoring, case management, forensics, and analytics. Collaborate with engineers and on-site teams to design and operationalize physical security technology including badges, video, and guest management systems.
- Collaborate with training team to offer threat expertise and maintain up-to-date training initiatives that promote a security-conscious culture.
- Build cybersecurity skills to supplement team response during elevated cybersecurity incidents.
- Gain skills to respond to cybersecurity alerts and requests as part of a 24/7 on-call team.
Benefits
- medical
- dental
- vision
- life
- mental well-being programs
- child, family, elder, and pet care benefits
- short- and long-term disability
- parental leave benefits
- health savings account contributions (w/applicable medical plan)
- flexible spending accounts
- 401K program
- Flexible Time Off program
- paid holidays
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
Associate degree
