
Data Privacy Attorney in Seattle, WA

Cooley LLP Mar 07,2022 Jan 07,2022 Location Seattle WA
This job is expired...

Law Firm

Attorney

Data Privacy

Min 7 yrs required

Profile

Associate Director of Security

The candidate will serve as the cyber security representative when the Director of Security and Information Governance is not available, including making cyber security decisions usually made by the Director of Security and Information Governance. Will lead operational security management activities and the security team to enhance the firm’s information security program in line with ISO 27001, ISO 27701, and CIS. Oversee a network of operational teams and vendors to safeguard the company's assets and be actively informed and engaged in daily security operations. Identify protection goals, objectives and metrics consistent with the corporate strategic plan. Manage the development and implementation of global security policies, frameworks, standards, guidelines and procedures to ensure the ongoing maintenance of security. Implement and maintain security controls that ensure the confidentiality, integrity, and availability of firm and client information. Work with firm management to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology. Maintain relationships with local, state, federal law enforcement and other related government agencies. Oversee incident response planning as well as the investigation of security breaches and assist with disciplinary and legal matters associated with such breaches as necessary. Articulate the economic, security, cultural and business consequences of changes to existing technical architecture. Act as a liaison to ensure cybersecurity practices are built into business unit initiatives for the entire lifecycle. Be actively informed and engaged in security projects across the business and ensure business projects are focused on cybersecurity from the beginning. Enforce the strong security culture set forth by the Information Security and Privacy Forum, ensuring uniformity across security leadership, business units and employees.
Foster strong relationships with internal business units and excel in cybersecurity communication. Advise business units on enterprise-wide people, process and technology security recommendations. Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units. In conjunction with security and business leaders, define key performance indicators (KPIs) and metrics aligning with business initiatives and deliver them to non-technical teams in terms that are accessible and comprehensible. Monitor security compliance as it relates to changes in legislation. Work with the office of general counsel to ensure security practices meet jurisdictional compliance.

Serve as the physical security and business continuity representative when the Director of Security and Information Governance is not available, including making physical security and business continuity decisions usually made by the Director of Security and Information Governance. Provide disaster recovery and business continuity planning advice when working with leaders for business and cybersecurity resiliency. Lead operational physical security management and business continuity activities and the physical security and business continuity teams to enhance the program in line with ISO 27001, ISO 27701, CIS and ISO 23301. Build relationships with business leaders, Directors of Administration, Regional Directors, technical teams, governance and third parties to incorporate physical security, availability, recovery needs, office security, safety planning, and events to promote security and safety of personnel. Facilitate meetings with key stakeholders to assess strengths and weaknesses in the program and ensure adequate resources are allocated to the most critical functions needing attention.
Present the current state of physical security and recovery capabilities to senior management and stakeholders, and seek their approval as well as acceptance of feedback and required changes. Lead, direct and develop less experienced staff members and technical teams to elevate their knowledge and capabilities of physical security and BC/DR. Define, create and socialize BC planning and recovery policies signed off by senior leadership. Ensure senior management holds business units accountable for their roles and obligations in physical security and BC/DR. Work with stakeholders, crisis management and incident response teams to define benchmarks and metrics to align the program with expectations and set it up for success.

Oversee the structure and management of assigned areas to effectively meet the needs of attorneys and clients, incorporating recommendations for delivery of legal services in the context of a constantly changing and competitive environment. Develop and coordinate orientation and training programs for department personnel to ensure that the group receives the training necessary for the firm’s needs and that employees receive developmental opportunities and mentorship. In consultation with HR, make recommendations/suggestions for hiring, termination, counseling, advancement, promotion or other status change regarding employees in their department. Attend meetings and workshops, and seek additional opportunities for professional development, as appropriate. Develop, evaluate and implement long- and short-term goals and objectives for assigned areas/departments. Recommend, plan, implement, administer and evaluate the effectiveness of services and resources of both departments. Provide annual budget figures for departmental support, training, travel, staff development and all related project work. Participate in routine financial modeling, budgeting and financial forecasts.
Supply technology road maps and program assessment to assist with long-term budgeting of IS initiatives. Develop and implement departmental policies and procedures to ensure uniform compliance with all firm policies, especially risk management. Determine temp personnel needs and work with HR in placement. All other duties as assigned or required.

Qualification and Experience

The candidate should have CISSP or equivalent certifications and/or experience. Must have a Bachelor’s degree. Should have 7+ years of cybersecurity management experience with at least 8+ years in an operationally focused security practitioner role. Must have 3 years of experience working with business leaders and with some fiscal responsibilities. Applicable knowledge of the EU’s General Data Protection Regulation (GDPR), National Institute of Technology (NIST) standards, California Consumer Privacy Act (CCPA), International Standards Organization (ISO) standards, Health Information Portability and Accountability Act (HIPAA), New York Department of Financial Services (NYDFS) regulations and frameworks, etc. is needed. Must have experience managing teams responsible for and working on: Cisco routing/switching equipment; Active Directory and NTFS; Firewalls; Intrusion Detection and Prevention Systems; Antivirus programs and management console; Web filter/proxy technologies; Encryption technologies – whole disk, e-mail, and data at rest; Patch management systems, both Microsoft WSUS and third-party; Vulnerability scanners; Forensic tools; Penetration testing tools; Data loss prevention; Email gateways and anti-spam services; Mobile device management; Privileged account management systems; Security information and event management systems; Two-factor authentication systems; M365 and Microsoft’s cloud security suite; Zero Trust/Conditional Access technologies; Physical security access and video monitoring systems; Backup technologies; Mass notification systems. Demonstrated experience evaluating the security posture of vendors and system architecture is needed. Prior experience implementing and managing incident management programs and systems is required. Must have prior experience managing vendor relationships. Should have project management experience. Required to participate in a 7x24 on-call rotation. Prior law firm experience is preferred.
Should preferably have a Bachelor’s degree in Information Technology or Computer Information Systems. Experience working with the following products: Cisco routers, switches, and ASA firewalls; Palo Alto Networks firewalls and Intrusion Prevention Systems; Microsoft SCCM; Nexpose Vulnerability Scanner; BitLocker; VMware; Websense Web Filtering and Data Loss Prevention; Proofpoint Email Gateway and Anti-Spam; AccessData or EnCase Forensic Tools; S/MIME email encryption; MobileIron/Intune; Thycotic Secret Server; CrowdStrike/Malwarebytes; Microsoft AOVPN; Log management systems; Microsoft MFA; VMware Site Recovery; Genetec Access Card and Video Monitoring systems; Send Word Now is preferred. Experience implementing or managing ISO 27000 is desired.

Additional info

Req 2322
