Law Firm
Palo Alto, CA
Legal Staff Information Technology in Palo Alto, CA
Legal Staff
Min 7 yrs required
No
Job Title: Senior Director, Information Security and Risk Management
Job Responsibilities:
The Senior Director of Information Security & Risk Management at the law firm is tasked with overseeing and managing key components of the firm's information security and risk management program, supporting the Chief Information Security Officer (CISO). The role encompasses a wide range of responsibilities, including:
- Risk Management and Compliance:
  - Lead firm-wide technology-related risk and compliance activities.
  - Manage firm-wide records management operations.
  - Support the risk management and compliance function.
  - Oversee client audit request workflows and coordinate internal IT audits.
  - Oversee the firm’s risk registry and corrective action plans.
  - Manage data input into the Governance Risk & Compliance (GRC) system and generate compliance metrics reports.
  - Track compliance remediation efforts and report discrepancies to the firm CIO & CISO.
  - Maintain measures and metrics of risk related to the firm's security and IT posture.
  - Ensure employee compliance with security and privacy training.
  - Oversee risk assessments and incident response protocols.
  - Ensure compliance with firm standards and regulations.
  - Produce recommendations from risk evaluations that align with business needs.
  - Communicate risk metrics to firm leadership.
- Security Engineering and Operations:
  - Identify and implement emerging technologies to enhance firm practices for mitigating cyber risk.
  - Oversee security and risk management systems and architecture.
  - Manage investigations and responses to security events from both the Security Operations team and Security Operations Center (SOC).
  - Coordinate the design, installation, testing, and maintenance of security enhancements.
  - Improve the firm's security posture to mitigate threats.
  - Oversee evaluation, selection, and implementation of security controls.
  - Conduct regular meetings with firm leadership to review policy and procedure deficiencies.
  - Drive remediation activities and track compliance deliverables.
  - Oversee the product lifecycle and operations of security technologies.
  - Evaluate the security of infrastructure, network, and system designs.
  - Plan, coordinate, and drive changes to improve security.
  - Maintain knowledge of client security and risk management needs.
  - Stay current with emerging security technologies and trends, providing recommendations.
  - Lead the incident response process.
Education and Experience Information:
- A minimum of 7 years of experience in leading information security programs is required.
- A Master’s degree is preferred.
- Experience in an AmLaw 50 law firm environment or professional services industry is advantageous.
- Strong communication skills for coordinating risk-related information effectively.
- Knowledge and experience in risk management and compliance reporting.
- Experience with GRC applications and metrics development.
- Proven ability to lead and motivate teams.
- Exceptional communication skills, especially in translating technical security concepts into business terms.
- Demonstrated ability to understand and address business security and risk management needs.
- Ability to identify technology-related risks and implement effective solutions.
- Strong analytical and problem-solving skills.
- Ability to visualize, plan, and execute process improvements.
- Extensive knowledge of network architecture and design.
- Relevant certifications such as CISSP, CISM, CISA, or similar are highly desirable.
- Significant expertise in relevant security and risk management frameworks and disciplines (e.g., ISO 27001, NIST CSF, COBIT, etc.).
Salary Information:
The salary for the Senior Director position varies by location and is dependent on several factors, including the selected candidate’s qualifications, years of relevant experience, level of education, professional certifications, and work location. The anticipated pay range is:
- San Francisco and Silicon Valley: $447,100 - $604,900 per year
- Austin, Boston, Boulder, District of Columbia, Los Angeles, New York, San Diego, Seattle, and Wilmington: $402,390 - $544,410 per year
- Salt Lake City and all other locations: $357,000 - $483,000 per year
Compensation for this position may include a discretionary year-end merit bonus based on performance. The law firm offers a highly competitive salary and benefits package. Benefits information is available upon request. The law firm is an Equal Opportunity Employer (EOE).
May 23, 2025