Law Firm
Washington, DC
Legal Staff Information Technology in Washington, DC
Legal Staff
8-8 yrs required
No
Job Title: Senior IT Security Engineer, Governance Risk & Compliance, Data Protection and Privacy Support
Job Responsibilities:
The Senior IT Security Engineer in Governance Risk & Compliance, Data Protection and Privacy Support plays a vital leadership role within the law firm's IT Security team. The primary objective is to ensure the firm meets its security goals, adheres to regulatory requirements, and maintains high standards in data protection and privacy. Key responsibilities include:
Governance, Risk & Compliance Leadership:
- Lead the development and maintenance of enterprise security documents such as policies, standards, baselines, guidelines, and procedures under the guidance of the IT Security Manager.
- Oversee the planning, design, testing, and maintenance of the law firm's Incident Response Plan, ensuring alignment with Governance, Risk, and Compliance (GRC) objectives.
- Drive the implementation and maintenance of the firm's ISO 27001 Certification program.
- Take charge of client audits and third-party supplier security assessments, ensuring compliance with security standards.
- Guide the strategic planning and design of the firm's enterprise security architecture, focusing on GRC requirements.
Data Protection and Privacy Support:
- Develop and implement strategies for data protection and privacy, ensuring compliance with regulations such as GDPR and CCPA.
- Collaborate with legal, compliance, and privacy teams to ensure privacy policies and practices align with regulatory requirements.
- Monitor and assess data protection measures, recommending improvements to enhance privacy and security.
- Provide training and support to staff on data protection and privacy best practices.
Expertise in Cybersecurity and Artificial Intelligence:
- Maintain advanced knowledge of the IT security industry, including awareness of new security solutions, improved processes, and emerging threats.
- Recommend and implement additional security solutions or enhancements, utilizing Artificial Intelligence where applicable.
- Oversee the deployment, integration, and initial configuration of new security solutions, ensuring adherence to GRC standards.
Operational Management:
- Maintain up-to-date baselines for the secure configuration and operation of all devices, ensuring compliance with GRC policies.
- Monitor security solutions for efficient operations, focusing on risk management.
- Review logs and reports, interpreting implications for GRC compliance and devising resolution plans.
- Lead investigations into problematic activities, designing and executing vulnerability assessments, penetration tests, and security audits.
- Provide on-call support for end users and IT staff for security-related issues, ensuring GRC adherence.
Education and Experience Information:
Qualifications:
- Over 5 years of experience in configuring and maintaining network security tools.
- Minimum of 8 years of experience in information security governance, including policy and procedure development, security assessments, and incident response.
- Proven expertise in Cybersecurity, Data Protection & Integrity, Privacy, and Artificial Intelligence.
- Extensive experience in leading client audits and third-party supplier security assessments.
- Experience in the legal, financial, or business services industries is preferred.
- Strong understanding of Access Control Management and familiarity with encryption tools and concepts.
Education & Certifications:
- Bachelor’s degree in computer science, cybersecurity, or a related field; an advanced degree is preferred, or equivalent work experience.
- Relevant certifications such as CISSP, CISM, CompTIA Security+, CompTIA Network+, Microsoft Certifications, ITIL Foundations.
Leadership Skills:
- Demonstrates outstanding leadership, teamwork, and client service, with the ability to lead security assessments and audits.
- Ability to adapt to shifting priorities, demands, and timelines in a high-pressure environment through analytical and problem-solving capabilities.
Communication Skills:
- Ability to translate technical details into descriptions the client can understand; adjusts content of written/verbal communication to the audience.
- Adept at conducting research into security project-related issues and products, with a focus on GRC compliance.
Additional Requirements:
- Ability to adapt to flexible work hours, travel occasionally, and respond to security-related issues on a 24x7 basis.
- Coordinate multiple, simultaneous projects with multiple vendors and other personnel in a dynamic, evolving environment.
Salary Information:
Compensation and Benefits:
The expected salary ranges for this position are as follows:
- California Major Markets: $128, - $180,
- New York City: $143, - $180,
- National: $116, - $148,
California Major Markets include San Francisco, Silicon Valley, Los Angeles, Orange County, Santa Monica. Other California locations fall within the National range.
The law firm is committed to providing a comprehensive, competitive, and thoughtful total compensation package to attorneys and staff, wherever they work. The compensation and benefits information is based on the law firm’s estimate as of the date of publication and may be modified in the future. The level of pay within the range will depend on various job-related factors, including qualifications, experience, skills, expertise, and geography. Other compensation may include an annual discretionary merit bonus, determined by the firm and individual performance.
The law firm offers a full range of elective health benefits including medical, dental, vision, and life; robust mental well-being programs; child, family, elder, and pet care benefits; short- and long-term disability and industry-leading parental leave benefits, health savings account contributions (with applicable medical plan), flexible spending accounts, and a 401K program. This role will receive compensated time off through the Flexible Time Off program and paid holidays.
The law firm is an Equal Opportunity Employer. Consistent with the SF Fair Chance Ordinance, an arrest and conviction record will not automatically disqualify a qualified applicant from consideration. Qualified applicants with criminal histories will be considered for the position in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring.
Aug 01, 2025
Jun 04, 2025