Head of Information Security (CISO)
Employment Type: Full-Time/Direct Hire
Workplace Type: Hybrid (Flexible Schedule; 1 - 3 Days Onsite)
Location: Los Angeles, San Francisco, Washington DC
Industry: Law Firm
Salary Range: $160,000 - $280,000 + Discretionary Annual Bonus
SUMMARY:
Reporting to the CIO, the Head of Information Security will play a critical role in shaping the direction of the firm's cybersecurity strategy and leading the Information Security team. As a leader in information security within the legal industry, this position will frequently engage with the firm's top partners and General Counsel. Our client is looking for a hands-on security leader who can provide strategic oversight, vision, and enhancement of the firm's overall security posture and ensure that our client remains at the forefront of cybersecurity.
DUTIES & RESPONSIBILITIES:
Strategic Leadership:
- Develop and implement an information security strategy in alignment with the firm's business objectives.
- Work closely with the CIO to define and refine the security vision, ensuring it remains current and effective in mitigating emerging threats.
- Serve as a key advisor to senior leadership, including partners and the General Counsel, on all matters related to information security.
Team Management:
- Lead, mentor, and manage a team of information security professionals and foster a culture of continuous learning and improvement.
- Oversee the recruitment, development, and retention of talent within the information security team.
- Ensure that the team is equipped with the latest tools and knowledge to effectively manage and respond to security incidents.
Cybersecurity Operations:
- Oversee the deployment, management, and optimization of security solutions, including, but not limited to:
  - Endpoint Detection and Response (EDR)
  - System Information and Event Logging (SIEM)
  - Identity and Access Management (IAM)
  - Data Loss Prevention (DLP)
  - Vulnerability Management
- Monitor the firm's cybersecurity landscape, identifying potential vulnerabilities and mitigating risks proactively.
- Lead the response to any security incidents, coordinating with internal and external stakeholders to ensure swift resolution.
Policy Development & Compliance:
- Develop, implement, and enforce security policies, standards, and procedures that align with internal and external requirements.
- Ensure the firm's compliance with all relevant laws, regulations, and industry standards, including, but not limited to: ISO 27001, GDPR, CCPA, and client guidelines.
- Lead audits, assessments, table-top exercises, and penetration test responses to ensure compliance and identify areas for improvement.
- Manage the firm's security awareness and training program.
Stakeholder Engagement:
- Regularly interact with top partners and the General Counsel to communicate risks, propose solutions, and report on the status of the firm's information security program.
- Act as a liaison between the Information Security team and other departments within the firm to ensure a unified approach to security.
- Build and maintain relationships with external security partners, vendors, and consultants to enhance the firm's security capabilities.
Innovation & Continuous Improvement:
- Stay abreast of the latest developments in information security and ensure the firm's practices remain cutting-edge.
- Foster a culture of innovation within the security team and encourage the exploration and adoption of new tools and methodologies.
- Lead initiatives to enhance the firm's cybersecurity posture, including threat intelligence, advanced analytics, and automated response mechanisms.
QUALIFICATIONS:
- Bachelor's degree in information technology, information security, or a related field is preferred.
- Experience in a law firm or legal environment working directly with attorneys and senior management.
- CISSP, CISSM or other relevant certifications in Information Security.
- Strong knowledge of cybersecurity frameworks, standards, and best practices.
- Familiarity with outside counsel guidelines.
- Excellent analytical and problem-solving skills, with the ability to work independently and as part of a team.
- Proficiency with Microsoft Office Word, Excel, PowerPoint, and Visio is required.
- Proficiency with Microsoft 365 (e.g., Microsoft SharePoint, Teams, and OneDrive) and document management systems is desired.
- Proficiency with project management and collaboration tools is desired.
- Strong communication and interpersonal skills, with the ability to interact effectively with technical and non-technical staff.
- Ability to develop and deliver multi-mode communications that convey a clear understanding of the unique needs of different audiences.
- Strong background building partnerships and working collaboratively with others to meet shared objectives.
- Ability to develop strong customer relationships and deliver customer-centric solutions.
- A results-driven mindset, including consistently achieving results, even under tough circumstances.
All qualified applicants will receive consideration for employment without regard to race, color, national origin, age, ancestry, religion, sex, sexual orientation, gender identity, gender expression, marital status, disability, medical condition, genetic information, pregnancy, or military or veteran status. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws, including the California Fair Chance Act, City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, and Los Angeles County Fair Chance Ordinance. To the extent our customers require a background check for certain positions, the Company faces a significant risk to its business operations and business reputation unless a review of criminal history is conducted for those specific job positions.