The Manager of Information Security, under the direction of the Director of Information Security, assists with the development and delivery of IT security standards, best practices, architecture and systems to ensure information system security across the enterprise. He/she implements processes and methods for auditing and addressing non-compliance with information security standards, and facilitates the migration of non-compliant environments to compliant ones. He/she manages and participates in the planning and implementation of security administration for IT projects, and makes recommendations for security applications and systems. The Manager of Information Security also recommends and assists in implementing changes to work methods and procedures that make them more effective or strengthen security measures, and ensures that security receives a higher level of priority for the protection of Firm intellectual capital whenever clients and/or vendors require access to internal databases or applications.
In this position, the employee must meet annual security education, training and awareness (SETA) requirements. The employee must also ensure that information created, acquired or maintained in the performance of job duties is used in accordance with its intended purpose, which is to protect Troutman Sanders information and its infrastructure from external or internal threats, and must comply with Firm Policy requirements regarding information access, classification, security and privacy.
Information Security Responsibilities:
All members of the CIO organization are responsible for upholding the highest level of information security standards, including, but not limited to, the following:
Initiate, develop and maintain information security policies and procedures, and ensure that security strategies are followed so that organizational security goals and standards are met.
Identify and resolve security risks, perform security risk assessments, and function as an internal auditor for security.
Document all security policies and promote activities and procedures that raise general awareness of the significance of security within the organization.
Review the security plans implemented on systems throughout the organization's network, acting as an information security consultant.
Act as a liaison to the Information Systems department, monitor its compliance, and direct unresolved issues to the appropriate department.
Monitor the internal control systems to ensure that they are accessible whenever users require them.
Report information security incidents in accordance with the incident response policy, and manage root cause analysis (RCA) and remediation as directed by the Director of Information Security.
Participate in information security programs as needed by the Director of Information Security.
Perform vulnerability scanning on critical systems regularly and report gaps to the appropriate managers.
Participate in internal and external ISO certification audits as required.
Assist with RFPs and RFIs as needed.
Essential Job Functions:
Responsible for documenting security policies and procedures created by the Technology Committee and Firm Management.
Provides direct training and oversight to employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information security clearance in accordance with established organizational information security policies and procedures.
Assists in facilitating and promoting activities that create information security awareness within the organization.
Performs information security risk assessments and serves as an internal auditor for security issues.
Reviews systems-related security plans throughout the organization’s network, acting as a liaison to the IT Department.
Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager. Monitors the internal control systems to ensure that appropriate access levels are maintained.
Participates in keeping DR/BC plans updated to reflect technology and business changes.
Maintains current knowledge of changes in information security and plans for changes in response to dynamic business needs. Continues to develop the skills, knowledge and ability needed to improve processes and procedures and to stay up to date on trends and developments in the industry, including meeting annual personal development goals.
Qualifications and Requirements:
High level of personal integrity, the ability to handle confidential matters professionally, and the judgment and maturity to inspire confidence in both internal clients and team members.
High degree of initiative, dependability and ability to work with little supervision.
Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate between highly specialized groups of professionals.
Must be a critical thinker with strong problem-solving skills.
Knowledge of technological trends and developments in the area of information and cyber security.
Excellent analytical and organizational skills.
Excellent interpersonal skills and the ability to work and communicate effectively with all levels of law firm personnel, including partners and administrative managers.
Excellent presentation skills (both oral and written) with the ability to communicate in a persuasive manner that builds support, agreement and/or commitment.
Ability to analyze complex information security problems and recommend (or implement) solutions.
Ability to multi-task as well as take appropriate action to ensure obligations are met.
Ability to direct others and ability to foster an environment of collaboration, commitment, team spirit, pride and trust.
Education and/or Experience:
Bachelor's or Master's degree in Computer Science, Information Systems or another related field, or any equivalent combination of training, education and experience that demonstrates the ability to perform the duties of the position.
Minimum of 3 to 5 years of information systems work experience, with at least 5 years of leadership experience managing multiple cross-functional teams or projects and influencing senior-level management and key stakeholders. Experience in areas such as systems security management, networking, database administration, computer operations and production support.
Information security certifications (e.g. CISSP, CISM, CISA) are preferred.