Law Firm
Houston, TX
Legal Staff Information Technology in Houston, TX
Legal Staff
5-8 yrs required
Job Title: Senior IT Security Engineer, Governance Risk & Compliance, Data Protection and Privacy Support
Job Responsibilities:
The Senior IT Security Engineer is a pivotal leader within the law firm's IT Security team, responsible for ensuring the firm adheres to its security objectives, complies with regulatory requirements, and maintains strong data protection and privacy standards. This role involves spearheading efforts in client audits, third-party supplier security assessments, and supporting data protection and privacy initiatives across the organization. Key responsibilities include:
- Governance, Risk & Compliance Leadership:
  - Leading the creation and maintenance of enterprise security documents, including policies, standards, baselines, guidelines, and procedures, under the direction of the IT Security Manager.
  - Overseeing the planning, design, testing, and maintenance of the firm's Incident Response Plan, ensuring it aligns with GRC objectives.
  - Driving the planning, implementation, and maintenance of the firm's ISO 27001 Certification program.
  - Leading client audits and third-party supplier security assessments to ensure thorough evaluation and compliance with security standards.
  - Guiding strategic planning and design of the firm's enterprise security architecture with a focus on GRC requirements.
- Data Protection and Privacy Support:
  - Developing and implementing strategies for data protection and privacy, ensuring compliance with regulations like GDPR and CCPA.
  - Collaborating with legal, compliance, and privacy teams to align privacy policies and practices with regulatory requirements.
  - Monitoring and assessing data protection measures, recommending improvements to enhance privacy and security.
  - Providing training and support to staff on data protection and privacy best practices.
- Expertise in Cybersecurity and Artificial Intelligence:
  - Maintaining advanced knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and emerging threats.
  - Recommending and implementing additional security solutions or enhancements to improve overall enterprise security, leveraging Artificial Intelligence where applicable.
  - Overseeing the deployment, integration, and initial configuration of new security solutions and enhancements, ensuring adherence to GRC standards.
- Operational Management:
  - Ensuring up-to-date baselines for the secure configuration and operation of all in-place devices, ensuring compliance with GRC policies.
  - Monitoring in-place security solutions for efficient and appropriate operations, focusing on risk management.
  - Reviewing logs and reports of in-place devices, interpreting implications for GRC compliance, and devising plans for appropriate resolution.
  - Leading investigations into problematic activity and designing and executing vulnerability assessments, penetration tests, and security audits.
  - Providing on-call support for end users and other IT staff for security-related issues, ensuring GRC adherence.
Education and Experience Information:
- A minimum of 5 years of experience in configuring and maintaining network security tools.
- At least 8 years of experience in information security governance, including policy and procedure development, security assessments, and incident response.
- Proven expertise in Cybersecurity, Data Protection & Integrity, Privacy, and Artificial Intelligence.
- Extensive experience in leading client audits and third-party supplier security assessments.
- Experience in the legal, financial, or business services industries is preferred.
- Strong understanding of Access Control Management and familiarity with encryption tools and concepts.
Education & Certifications:
- Bachelor’s degree in computer science, cybersecurity, or a related field; advanced degree preferred, or equivalent work experience.
- Relevant certifications such as CISSP, CISM, CompTIA Security+, CompTIA Network+, Microsoft Certifications, ITIL Foundations.
Leadership Skills:
- Demonstrates outstanding leadership, teamwork, and client service, with the ability to lead security assessments and audits.
- Ability to conform to shifting priorities, demands, and timelines in a high-pressure environment through analytical and problem-solving capabilities.
Communication Skills:
- Translates technical details into descriptions the client can understand; adjusts content of written/verbal communication to the audience.
- Adept at conducting research into security project-related issues and products, with a focus on GRC compliance.
Additional Requirements:
- Ability to adapt to flexible work hours, travel occasionally, and respond to security-related issues on a 24x7 basis.
- Coordinate multiple, simultaneous projects with multiple vendors and other firm personnel in a dynamic, evolving environment.
Salary Information:
The expected salary ranges for this position are as follows:
- California Major Markets: $128, - $180,
- New York City: $143, - $180,
- National: $116, - $148,
*California Major Markets includes San Francisco, Silicon Valley, Los Angeles, Orange County, Santa Monica. All other California locations fall within the National range.
The law firm is committed to providing a comprehensive, competitive, and thoughtful total compensation package to its attorneys and staff, wherever they work. This compensation and benefits information is based on the firm's estimate as of the date of publication and may be modified in the future. The level of pay within the range will depend on a variety of job-related factors that may include, but are not limited to, qualifications, relevant experience or education, particular skills or expertise, and geography. Other compensation may include an annual discretionary merit bonus, which would be determined by firm and individual performance.
The firm offers a full range of elective health benefits including medical, dental, vision, and life; robust mental well-being programs; child, family, elder, and pet care benefits; short- and long-term disability and industry-leading parental leave benefits, health savings account contributions (with applicable medical plan), flexible spending accounts, and a 401K program. This role will receive compensated time off through the firm's Flexible Time Off program and paid holidays.
Jun 12, 2025
Jun 04, 2025