Job Description
Head of Information Security
Position Type: Full Time
Exempt
Hybrid Flexible (Up to 1 - 3 Days Onsite)
Location: Los Angeles OR San Francisco OR Washington DC
Salary Range: $157,500.00 - $277,500.00*
* The salary range is the one that Munger, Tolles & Olson LLP reasonably expects to pay for this position. The salary range does not guarantee, obligate, nor set expectations of an applicant’s wage in the event of hire. The posted range is only one component of Munger, Tolles & Olson LLP’s Total Rewards package.
-------------
The Head of Information Security will play a pivotal role in sculpting the direction of the firm's cybersecurity strategy. Reporting to the CIO, this individual will lead the Information Security team and will engage regularly with top partners and the General Counsel. As a leader in information security within the legal industry, the firm seeks a visionary and hands-on professional who can drive forward our security posture, ensuring that we remain at the forefront of cybersecurity.
Job Functions & Responsibilities
Strategic Leadership:
- Develop and implement an information security strategy in alignment with the firm's business objectives.
- Work closely with the CIO to define and refine the security vision, ensuring it remains current and effective in mitigating emerging threats.
- Serve as a key advisor to senior leadership, including partners and the General Counsel, on all matters related to information security.
Team Management:
- Lead, mentor, and manage a team of information security professionals and foster a culture of continuous learning and improvement.
- Oversee the recruitment, development, and retention of talent within the information security team.
- Ensure that the team is equipped with the latest tools and knowledge to effectively manage and respond to security incidents.
Cybersecurity Operations:
- Oversee the deployment, management, and optimization of security solutions, including, but not limited to:
- Endpoint Detection and Response (EDR)
- System Information and Event Logging (SIEM)
- Identity and Access Management (IAM)
- Data Loss Prevention (DLP)
- Vulnerability Management
- Monitor the Firm's cybersecurity landscape, identifying potential vulnerabilities and mitigating risks proactively.
- Lead the response to any security incidents, coordinating with internal and external stakeholders to ensure swift resolution.
Policy Development & Compliance:
- Develop, implement, and enforce security policies, standards, and procedures that align with internal and external requirements.
- Ensure the firm’s compliance with all relevant laws, regulations, and industry standards, including, but not limited to: ISO 27001, GDPR, CCPA, and client guidelines.
- Lead audits, assessments, table-top exercises, and penetration test responses to ensure compliance and identify areas for improvement.
- Manage the firm’s security awareness and training program.
Stakeholder Engagement:
- Regularly interact with top partners and the General Counsel to communicate risks, propose solutions, and report on the status of the firm’s information security program.
- Act as a liaison between the Information Security team and other departments within the firm to ensure a unified approach to security.
- Build and maintain relationships with external security partners, vendors, and consultants to enhance the firm's security capabilities.
Innovation & Continuous Improvement:
- Stay abreast of the latest developments in information security and ensure the firm’s practices remain cutting-edge.
- Foster a culture of innovation within the security team and encourage the exploration and adoption of new tools and methodologies.
- Lead initiatives to enhance the firm’s cybersecurity posture, including threat intelligence, advanced analytics, and automated response mechanisms.
Tools
- Proficiency with Microsoft Office Word, Excel, PowerPoint, and Visio is required.
- Proficiency with Microsoft 365 (e.g., Microsoft SharePoint, Teams, and OneDrive) and document management systems is desired.
- Proficiency with project management and collaboration tools is desired.
Minimum Job Qualifications
- Bachelor’s degree in information technology, information security, or a related field is preferred.
- Experience in a law firm or legal environment working directly with attorneys and senior management.
- CISSP, CISSM or other relevant certifications in Information Security.
- Strong knowledge of cybersecurity frameworks, standards, and best practices.
- Familiarity dealing with outside counsel guidelines.
- Excellent analytical and problem-solving skills, with the ability to work independently and as part of a team.
- Strong communication and interpersonal skills, with the ability to interact effectively with technical and non-technical staff.
Physical Demands
- Writing, typing, reading, speaking, hearing, seeing, sitting, bending, reaching.
Working Conditions
- The position is primarily remote, with occasional in-office visits as required. Candidates must be located within a commutable distance to one of our offices.
- Quiet office environment in a high-rise building, seated the majority of the time.
Direct Reports
Competencies
- Communicates effectively: Developing and delivering multi-mode communications that convey a clear understanding of the unique needs of different audiences.
- Being resilient: Rebounding from setbacks and adversity when facing difficult situations.
- Collaborates: Building partnerships and working collaboratively with others to meet shared objectives.
- Instills trust: Gaining the confidence and trust of others through honesty, integrity, and authenticity.
- Customer focus: Building strong customer relationships and delivering customer-centric solutions.
- Drives results: Consistently achieving results, even under tough circumstances.
- Situational adaptability: Adapting approach and demeanor in real time to match the shifting demands of different situations.
- Manages ambiguity: Operating effectively, even when things are not certain or the way forward is not clear.
- Plans and aligns: Planning and prioritizing work to meet commitments aligned with organizational goals.
- Optimizes work processes: Knowing the most effective and efficient processes to get things done, with a focus on continuous improvement.
The Head of Information Security role is an amazing opportunity available on our team of professionals at Munger, Tolles & Olson, LLP! We offer competitive pay, benefits and an opportunity to make an impact in today’s world.
-------------
We are a talent-first Firm and are always looking for great people. We encourage you to apply even if the level of this position is not an exact match to your qualifications. This may not guarantee your placement into the opening; however, it is always worth exploring if there is an opportunity for the future.
-------------
About Munger, Tolles & Olson
Munger, Tolles & Olson has been consistently ranked on The American Lawyer’s A-List since its inception in 2004, including nine years in the top spot. We strive to hire only the most qualified and creative lawyers. We believe that clerkships provide valuable experience. In this regard, about 80% of our attorneys served as law clerks to federal or state judges and sixteen attorneys were clerks to U.S. Supreme Court Justices. We recruit and retain the best professional talent to support our Attorneys with a focus on service and excellence. We have a full spectrum of functional positions including Information Technology, Information Security, Accounting, Human Resources, Legal Support, and Marketing.
-------------
MTO is an equal opportunity employer and does not discriminate in employment on the basis of race, including but not limited to hair texture and protective hairstyles (for example, braids, locks, and twists), color, ethnicity, religion, gender, gender identity or expression, pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth and breastfeeding, marital or domestic partner status, parental or family care status, national origin, ancestry, age, sexual orientation, disability or medical condition, genetic characteristic, political affiliation, military or veteran status, or any other characteristic protected by federal, state or local law. It is the policy of Munger, Tolles & Olson LLP to prohibit discrimination, unlawful harassment (including sexual harassment), and retaliation. This commitment prohibits such conduct by any individual involved in MTO’s operations and by anyone doing business with or on behalf of Munger, Tolles & Olson LLP.
-------------
Munger, Tolles & Olson LLP (MTO) does not accept unsolicited resumes from 3rd parties or agencies. Any unsolicited resumes and profiles received from 3rd parties or agencies will be considered property of MTO and no fees will be due or paid. If you wish to become an approved Agency with MTO, please contact a member of the MTO Talent Acquisition Team.
#J-18808-Ljbffr