Head of Information Security (CISO)
Employment Type: Full-Time/Direct Hire
Workplace Type: Hybrid (Flexible Schedule; 1 - 3 Days Onsite)
Location: Los Angeles, San Francisco, Washington DC
Industry: Law Firm
Salary Range: $160,000 - $280,000 + Discretionary Annual Bonus
SUMMARY:
Reporting to the CIO, the Head of Information Security will play a critical role in sculpting the direction of the firm's cybersecurity strategy and leading the Information Security team. As a leader in information security within the legal industry, this position will frequently engage with the firm's top partners and General Counsel. Our client is looking for a hands-on security leader who can provide strategic oversight, vision, and enhancement of the firm's overall security posture and ensure that our client remains at the forefront of cybersecurity.
DUTIES & RESPONSIBILITIES:
Strategic Leadership:
- Develop and implement an information security strategy in alignment with the firm's business objectives.
- Work closely with the CIO to define and refine the security vision, ensuring it remains current and effective in mitigating emerging threats.
- Serve as a key advisor to senior leadership, including partners and the General Counsel, on all matters related to information security.
Team Management:
- Lead, mentor, and manage a team of information security professionals and foster a culture of continuous learning and improvement.
- Oversee the recruitment, development, and retention of talent within the information security team.
- Ensure that the team is equipped with the latest tools and knowledge to effectively manage and respond to security incidents.
Cybersecurity Operations:
- Oversee the deployment, management, and optimization of security solutions, including, but not limited to:
  - Endpoint Detection and Response (EDR)
  - Security Information and Event Management (SIEM)
  - Identity and Access Management (IAM)
  - Data Loss Prevention (DLP)
  - Vulnerability Management
- Monitor the firm's cybersecurity landscape, identifying potential vulnerabilities and mitigating risks proactively.
- Lead the response to any security incidents, coordinating with internal and external stakeholders to ensure swift resolution.
Policy Development & Compliance:
- Develop, implement, and enforce security policies, standards, and procedures that align with internal and external requirements.
- Ensure the firm's compliance with all relevant laws, regulations, and industry standards, including, but not limited to: ISO 27001, GDPR, CCPA, and client guidelines.
- Lead audits, assessments, table-top exercises, and penetration test responses to ensure compliance and identify areas for improvement.
- Manage the firm's security awareness and training program.
Stakeholder Engagement:
- Regularly interact with top partners and the General Counsel to communicate risks, propose solutions, and report on the status of the firm's information security program.
- Act as a liaison between the Information Security team and other departments within the firm to ensure a unified approach to security.
- Build and maintain relationships with external security partners, vendors, and consultants to enhance the firm's security capabilities.
Innovation & Continuous Improvement:
- Stay abreast of the latest developments in information security and ensure the firm's practices remain cutting-edge.
- Foster a culture of continuous improvement within the information security team.