Director, Information Security
Posted on: February 26, 2021
Tracking Code 1397-437

Job Description

JOB SUMMARY
The Director, Information Security is responsible for directing IS
strategy and activities related to information security. The Director
provides leadership and direction to a team responsible for designing
and implementing an overall enterprise security strategy, program, and
architecture that minimizes information-related loss and meets client
and regulatory requirements. Develops, monitors and implements
firm-wide information security policies to ensure that appropriate
access to, and the confidentiality of, firm, client and private
information is maintained. Conducts information risk assessments as an
integral part of business planning, involving General Counsel,
internal specialists and business owners as the need arises. Serves as
a liaison to firm clients in all matters of information security,
including completion of client audits and review of RFPs and outside
counsel guidelines. Leads and coordinates the firm's tactical and
operational response to information security incidents. Identifies and
reports on information security incidents to firm management. Manages
organizational risk by ensuring the protection of the enterprise
infrastructure with a layered system of technical defenses, including
firewalls, intrusion detection and prevention, antivirus, and content
monitoring. Provides risk review and approval of changes to systems,
applications and facilities. Leads the evaluation and recommendation
of security products, services and/or procedures to enhance
productivity and effectiveness. Leads risk assessments of firm vendors
and solution providers. Leads and conducts all aspects of security
awareness programs and provides education on security policies and
practices. Ensures that staff members are providing quality service to
internal members/departments of the Firm as well as external clients
and vendors by displaying professionalism via electronic and print
correspondence, over the telephone and in person, and by encouraging
an atmosphere that rewards a "can do" attitude.

PRINCIPAL DUTIES AND
- Manages Information Security staff, including scheduling,
performance evaluation, salary recommendation and related personnel
- Identifies areas of risk to firm, client and private
information and leads risk assessments to determine appropriate
remediation, serving as a liaison to General Counsel in this
- Works directly with firm clients to address information
security concerns and complete written and in-house security
audits, negotiating and implementing requested security training
and technical measures.
- Works with the business to review Outside Counsel Guidelines
and Requests for Proposal, confirming the firm's ability to meet
requirements and requesting changes as warranted.
- Directs firm activities and resources to achieve and maintain
compliance with information security standards such as state and
federal privacy laws, ISO 27001/27002, and GDPR.
- Leads and coordinates the firm's operational response to
information security incidents that threaten firm, client and
private information, directing forensics and organizing
communications. Identifies and reports on information security
incidents to firm management.
- Approves changes to firm systems, applications and policies
that may affect the security of firm, client and private
information. Serves as the internal auditor for information
- Works closely with senior leaders, line-of-business managers,
the IT organization, and others to establish an effective security
governance framework, support the delegation of authority, handle
budgets, ensure effective enterprise risk management and support
the establishment of measurable controls.
- Serves as an internal information security consultant to the
Department and Firm. Advises the department with current
information about information security technologies and related
- Develops a strategic vision for the security program;
prioritizes resources for effective security policies, practices
and processes; and develops an annual security plan. Identifies
enterprise systems, processes, and information resources that
require security protections.
- Identifies areas where existing security architecture requires
change or development. Ensures local security standards align with
international and national standards. Stays up to date with security
developments (legal requirements, policy and technology) in the
commercial world, and especially in the legal sector, so that the firm
remains at the forefront of any security-related developments
affecting the firm and the firm's clients.
- Monitors multiple logs across diverse platforms to uncover
specific activities as they occur from platform to platform.
Analyzes security reports for vulnerabilities and recommends feasible
and appropriate options. Reports on significant trends and
vulnerabilities.
- Develops, maintains, publishes, and communicates
enterprise-wide security standards, procedures and guidelines.
Ensures that alignment to those standards is monitored and carried
- Leads all aspects of the security infrastructure, for example
identity and access management, firewalls, antivirus and intrusion
detection system/intrusion prevention system. Monitors internal
control systems to ensure that appropriate information access
levels and security clearances are maintained. Monitors the
security infrastructure for policy violations or security events,
conducts security engineering, assists with resolution of escalated
incidents and participates in problem management activities.
- Improves security awareness and instills a risk-aware culture
in the organization, ensuring that personnel fully understand the
risk implications of their IT assets.
- Measures and reports on the effectiveness and efficiency of
security activities and capabilities. Manages, monitors, and
matures security processes (for example, identity and access
management; and threat and vulnerability management).
- Oversees IT security within the system development lifecycle,
change management, production systems support and
technology-enabled projects (user administration, security logging,
secure process flow, security standard methodologies).
- Develops and leads information security projects, adhering to
budgets, project plans, and business objectives.
- Negotiates security-related software licensing and support
- Assumes additional responsibilities as assigned.

Required
- Critical thinking and planning abilities required.
- Analytical thinking
- Able to break down raw information and undefined problems into
specific, workable components that in turn clearly identify the
issues at hand.
- Makes logical conclusions, anticipates obstacles and considers
different approaches that are relevant to the decision-making
- Team player with ability to effectively meet challenges,
influence and drive consensus within the team.
- Enterprise business knowledge
- Solicits information on enterprise direction, goals and
industry competitive environment to determine how own function can
add value to the organization and to customers.
- Makes decisions and recommendations clearly linked to the
organization's strategy and financial goals, reflecting an
awareness of external dynamics.
- Risk management:
- Identifies risks and obstacles to plans. Defines scarcity and
conflicts of resource needs, and potential constraints.
- Investigates risks within various project elements, assesses
impact, and develops contingency plans to address major risks.
- Knowledge of security issues, techniques, and implications
across all existing computer platforms required.
- Knowledge in networking, databases and systems operations is
- Leadership skills are required.
- Collaboration and influence skills are required.
- Proven interpersonal and communication skills.
- Demonstrated ability to prioritize tasks and effectively handle
multiple responsibilities in a multifaceted environment.
- Demonstrated problem solving abilities, analytical skills, and
proven ability to meet challenging deadlines required.
- Strong work ethic; excellent use of discretion and judgment.
Excellent written communication skills.
- Ability to work under stress and multi-task on various
assignments; detail orientation is a must.

Education
- Bachelor's Degree in Computer Science, Management or related
- CISSP or other major security certification preferred.

Required
- 5-7 years' work experience leading information security in a
large and sophisticated environment; or other equivalent
combination of education and experience that provides the required
knowledge and skills.
- Prior experience managing an Information Security, compliance
or internal controls team preferred.
- Knowledge of WilmerHale IT systems preferred.

WilmerHale is an Equal Opportunity Employer. All qualified applicants
will receive consideration without regard to race, color, religion,
gender, sexual orientation, gender identity, national origin or
ancestry, age, disability or veteran status, or other protected status.

Job Location
Boston, Massachusetts, United States

Position Type