We are seeking an experienced Director of Information Security to take ownership of the security strategy for a law firm. This role blends hands-on technical leadership with executive-level program management, driving the protection of critical technology assets while enabling business growth.
Responsibilities:
Develop, maintain, and enhance the firm's cybersecurity program in alignment with organizational objectives and confidentiality requirements.
Define, implement, and enforce policies, standards, and best practices to secure IT systems, applications, and data.
Proactively evaluate security risks through assessments, penetration testing, and continuous monitoring, and recommend mitigation strategies.
Lead response efforts for security incidents, including investigation, containment, remediation, and post-incident reporting.
Manage the security team, fostering skill development and adherence to industry best practices.
Partner with leadership to communicate risk posture, program effectiveness, and actionable recommendations.
Qualifications:
10+ years in IT and information security, including at least 4 years in a leadership capacity.
Deep understanding of industry standards and frameworks such as NIST, ISO 27001, and HIPAA.
Relevant certifications like CISSP, CISM, CISA, GIAC, CompTIA Security+, or GISO are highly valued.
Proven track record in managing security programs, guiding technical teams, and advising leadership on complex security challenges.