Key Choice Recruiting is helping a Top Firm with their opening for a Cybersecurity Controls Manager. As one of the world’s leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.
The Manager, Cybersecurity Controls will oversee the implementation, management, and continuous improvement of Information Security Management System (ISMS) controls based on ISO 27001 and NIST standards. This role will support client reporting and audit/assessment requirements, as well as the assessment, remediation and reporting of cyber risk, identifying the appropriate controls and protocols to reduce or manage IT risk.
The Manager, Cybersecurity Controls will:
- Demonstrate fluency with ISO 27002:2022 controls;
- Support ISO 27001 efforts by evaluating (i.e., assessing or auditing), recommending, developing, coordinating, monitoring and maintaining cyber security policies, procedures, processes, standards, guidelines and the controls library;
- Manage or support the enforcement of the InfoSec policy, procedure and process portfolio, including standards, guidelines and processes to verify alignment to Firm and Client InfoSec requirements and make recommendations for improvement;
- Lead the remediation efforts associated with gaps in the information security program based on ISO 27001 and 27002 standards, independent assessments, regulatory and Client requirements;
- Be able to explain technical threats, controls and remediation activities to both technical and non-technical stakeholders;
- Oversee and support the Firm’s InfoSec responses to client assessments and presentations;
- Operationalize guidelines and roadmaps into actionable project plans, as well as manage multiple workstreams across matrixed teams;
- Implement and socialize security related standards, procedures, processes and guidelines, as well as enforce and monitor/track adoption across stakeholder groups;
- Provide stakeholder guidance on the development of, and quality assurance reviews for, procedure, process, standards and guidelines deliverables to validate alignment to Firm and Client requirements;
- Assist with the creation and maintenance of the Cyber risk register and associated remediation activities; and
- Handle additional related projects as assigned.
Additional Qualifications:
- Understanding of operational risks as related to technology solutions;
- Awareness of additional information security standards (CSF, NIST, ISO), as well as the emerging cyber threat landscape;
- Technical understanding of security auditing and assessment practices, applications, platforms and architectures;
- Ability to develop and maintain a solid working relationship across multiple stakeholder groups; and
- Strong analytical skills.
Proficiencies:
- CISA, CISM, GSEC, CISSP or other security-related certification preferred;
- Strong understanding of information security concepts and technologies;
- Strong understanding of industry control frameworks, risk management concepts, frameworks, and methodologies;
- Client facing experience (e.g., consulting);
- Fundamental knowledge of the operation of law practices; and
- Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
Qualifications:
- Bachelor's degree in Information Security, Information Assurance, Computer Science, Information Systems, or other related field (two years of additional experience may be substituted for two years of college credits); and
- At least seven (7+) years of combined information technology and information security experience (preferred).
Benefits include:
- Medical, Dental, Vision, Life/AD&D, Long Term Care, and Short and Long Term Disability
- Flexible Spending Account and Health Savings Account
- Healthcare Concierge and Advocacy
- Voluntary 401k Plan and Profit Sharing
- 10 Paid Holidays per year and a generous PTO program
- Family Support including Pediatric Mental Health and Parental Support, Paid Parental Leave, Fertility Benefits, and Breast Milk Shipping
- Back-up Child Care, Elder Care, and Tutoring
- Wellness Programs (Employee Assistance Program, Mental Health, and Well-Being Events)
- Retirement Plan Consulting
- Anniversary Bonus Program
- Professional Development Programs
- Transportation Allowance and Commuter Benefits
- International Travel Insurance
- Auto/Home/Legal Insurance
- Pet Insurance
- Employee discounts
- And more!