Cyber Security Program Lead

WilmerHale is a leading, full-service international law firm with 1,000 lawyers located throughout 12 offices in the United States and Europe. Our lawyers work at the intersection of government, technology and business, and we remain committed to our guiding principles of providing quality, excellent legal and client services; developing diversity among our lawyers and staff and cultivating an environment that promotes an ambitious spirit, collaboration and collegiality by drawing on the extraordinary talents and dynamic experience of our lawyers. Our goal is to reflect the diversity of our clients and the communities in which we practice.

What You Will Be Doing:

The Cyber Security Program Lead oversees information security-related initiatives and projects, focusing predominantly on cyber-compliance. Supports the firm's ISO 27001 security effort, ensuring key requirements are met and improvements made. Leads the firm's third-party risk management program and vulnerability management program. Ensures accurate completion of client and internal cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs). Works across groups within Information Services to implement security-related projects and procedures, confirms proper operation of security infrastructure and ensures proper incident response. Provides expertise and guidance on risk-based decisions, the integrity of security procedures, systems, and policies in the design of new applications and services. Authorized to approve new applications and services and exceptions to firm policy, in coordination with the Director, Information Security.

Supervises the Cyber Security Compliance Analyst position and leads cyber security compliance initiatives firmwide, including client and internal audits. Provides coaching and guidance to other security team members and others in regard to firm compliance programs and audits.

About The Role:

• Approves risk decisions and exceptions to firm policy in coordination with the Director-Information Security.
• Supervises the Cyber Security Compliance Analyst position, supporting completion of information security risk assessments, daily/weekly/monthly/quarterly auditing of information security processes, creation of metrics, and ongoing vulnerability management.
• Oversees and participates in the completion and hosting of both firm and internal ISO 27001 security audits.
• Oversees the completion of client cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs).
• Supports IS security within the system development lifecycle including production acceptance, change management, user administration, security logging, secure process flow, and security best practices.
• Manages the firm's application security review process, ensuring new services are properly vetted.
• Monitors on-going security incident response procedures to ensure proper identification and prioritization of incidents.
• Leads information security projects that apply security protections to enterprise systems, processes and information resources.
• Assists with proactively supporting client service and ensures that staff members are providing quality service to internal members of the Firm as well as external clients and vendors by displaying professionalism via electronic and print correspondence, over the telephone and in-person and by encouraging an atmosphere that rewards a "can do" attitude.
• Assumes additional responsibilities as assigned.

What You Will Bring/Your Qualifications:

• Hands on experience with the installation and support of computing platforms and applications, including selection, design and support of cyber security tools.
• Strong experience with one or more major cyber security compliance frameworks (NIST; ISO 27001; etc)
• Knowledge of security issues, techniques, and implications across all existing computer platforms required.
• Knowledge in networking, databases and systems operations is required.
• Strong work ethic; excellent use of discretion and judgment. Excellent written and verbal communication skills.
• Strategic thinking and planning abilities required.
• Analytical thinking
  
  
  
  • Able to breakdown raw information and undefined problems into specific, workable components that in-turn clearly identify the issues at hand.
  • Makes logical conclusions, anticipates obstacles and considers different approaches that are relevant to the decision making process.
  
  
  
  
• Effectively meet challenges, influence and drive consensus within the team.
• Proven interpersonal and communication skills.
• Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.

Education:

• Bachelor's Degree required, preferred in Cyber Security, Computer Science or related technical field.
• Security Certification (CISSP, CRISC, etc) or equivalent strongly preferred.

Experience:

• 5 years or more work experience supporting information security in a large and complex environment; or other equivalent combination of education and experience that provides the required knowledge and skills.
• Supervisory experience within a cyber security organization.

For additional information about our benefits, please click here.

This job description is intended to describe the general nature and level of the work being performed by employees in the position. It is not intended to be a complete list of all responsibilities, duties, and skills for positions. The firm reserves the right at all times, in its sole discretion, to add or subtract duties and responsibilities, as it deems necessary.

WilmerHale is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity, national origin or ancestry, age, disability or veteran status, or other protected status.

#L1-MB1

#L1-Hybrid