We are partnered with a leading global law firm with a distinguished track record of delivering high-quality legal services across multiple jurisdictions. As a firm committed to innovation, client confidentiality, and operational excellence, they are seeking a dynamic and experienced Director of Information Security to lead cybersecurity strategy across their global offices.
The Director of Information Security will be responsible for developing, implementing, and overseeing the firm’s global information security strategy. This role will ensure that the firm’s information assets, systems, and client data are protected against evolving cyber threats while maintaining compliance with legal, regulatory, and ethical standards. The Director will lead a global team of security professionals and collaborate with cross-functional teams to safeguard the firm’s digital infrastructure.
Key Responsibilities
- Cybersecurity Leadership: Lead the development and execution of the firm’s global information security strategy, aligning security objectives with the firm’s business goals.
- Risk Management: Identify and mitigate cybersecurity risks, ensuring a proactive approach to managing vulnerabilities, threats, and incidents.
- Compliance & Standards: Oversee compliance with legal, regulatory, and industry-specific security standards (e.g., GDPR, ISO 27001, SOC 2), and ensure the firm’s security policies reflect current best practices.
- Incident Response: Develop and maintain a comprehensive incident response and business continuity plan, coordinating responses to security breaches and cyber threats.
- Team Leadership: Lead and mentor a global team of information security professionals, fostering a culture of security awareness and continuous improvement.
- Collaboration: Work closely with senior management, IT teams, legal departments, and external stakeholders to integrate security practices into business processes and ensure alignment with firm-wide objectives.
- Security Awareness: Drive ongoing security awareness initiatives, including training programs, to ensure employees at all levels understand their role in maintaining a secure environment.
- Vendor Management: Oversee third-party security risk assessments and ensure that vendors meet the firm’s security standards and policies.
Qualifications & Experience
- Proven experience (10+ years) in information security management, with at least 5 years in a senior leadership role.
- Strong background in managing complex cybersecurity programs, preferably in a professional services or legal environment.
- In-depth knowledge of cybersecurity frameworks, regulations, and industry best practices.
- Experience with risk management, security audits, penetration testing, and incident response planning.
- Hands-on experience with security technologies such as firewalls, intrusion detection/prevention systems, SIEM, endpoint protection, and encryption tools.
- Advanced certifications such as CISSP, CISM, or CISA are highly desirable.
- A deep understanding of the legal and regulatory landscape governing data protection and privacy, particularly in the context of global operations (e.g., GDPR, CCPA).
- Excellent communication skills, with the ability to engage both technical and non-technical stakeholders, and to present security risks and solutions to executive leadership.
- Strong leadership and team-building skills with a collaborative, solutions-oriented approach.
We have a base salary up to $285,000 available for this role.