Snell & Wilmer is one of the largest and most prestigious law firms in the Western United States, with more than 400 attorneys in nine offices. The firm is currently seeking a Data Security Manager who will work with the CIO to lead the security team supporting other areas of the IT department, risk management, and firm personnel. Candidates must be highly skilled and current regarding best practices and tools for protecting client, firm, employee, end-user data, communications, audit, analysis, assessment, and technical writing.
JOB DUTIES INCLUDE BUT ARE NOT LIMITED TO THE FOLLOWING:
- Maintains a cyber-risk and security program driven by established information protection policies.
- Collaborates with the CIO to develop processes and procedures to carry out the intended goals of the policies.
- Recommends, writes, and maintains firm security standards and policies.
- Creates and maintains firm information security framework.
- Evaluates technical security architecture, processes, and vendors safeguarding the firm's assets, intellectual property, and computer systems.
- Directs compliance related to privacy, internal security controls and reporting.
- Works closely with the CIO, General Counsel, IT staff, and both internal and external auditors.
- Creates processes and conducts audits supporting corporate, financial, and regulatory processes in computer and communication hardware, OS software and applications.
- Sets vendor security requirements and evaluates vendor compliance.
- Identifies gaps in IT security processes and designs and leads initiatives to close gaps.
- Works with all departments to perform security risk assessments and prioritizes risk mitigation.
- Evangelizes and trains on security awareness across all departments within the firm.
- Reports quarterly progress of security maturity and metrics to the CIO.
- Directs quarterly security committee meetings.
KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED
- Experience writing clear and concise policies, processes, and training.
- Strong knowledge of InfoSec best practice for databases, network, and Active Directory.
- Demonstration of physical security practices.
- Able to analyze problems and implement/suggest resolutions.
- History of working in large environments.
- Background in business continuity planning, auditing and risk management.
- Firm understanding of authentication and authorization technologies and protocols such as Kerberos, certificate, basic, forms-based, and multi-factor authentication, etc.
- Working knowledge of industry security frameworks such as ISO 27001, HIPAA, NIST Cyber Security Framework.
- Hands-on experience with firewalls, IPS/IDS, MFA, SIEM, AV, EDR/MDR, DNSSEC, forensic, malware detection and other security technologies.
- Superb interpersonal skills empowering the manager to work with a highly diverse and global staff working in a fast-paced and dynamic environment.
- 10+ years of Information Technology experience with a BS or MS in Information Systems, Computer Science, or a related technical field.
- 5+ years specializing in information security.
- CISSP, CISM, CRISC or CISA security certification highly desirable, but practical/field experience is rated highest.