Information Security & Risk Manager
Company: CivicMinds, Inc.
Location: Boston, MA 02115
Description:
We are a Boston-based law firm that provides counsel to well-established industry leaders, early-stage entrepreneurs, recognized foundations and families across the country. We are consistently recognized as one of "The Best Mid-Sized Law Firms to Work For" and are looking for an amazing person to join our team as the Information Security and Risk Manager. In this role, you will report to the Chief Information Officer (CIO).
The Information Security and Risk Manager is responsible for maintaining the firm-wide Information Security program that ensures the availability, integrity, and confidentiality of the Firm's information assets. The role is also responsible for maintaining the Firm's information security policies, standards, procedures and guidelines. The Manager will work with key business and IT leaders to assist projects and applications in identifying IT security and data protection requirements and/or security best practices. The Manager will also be responsible for incident response, investigations, and reporting. Knowledge of risk management frameworks is also required in order to implement strategies to mitigate prioritized risks. The Manager will be responsible for coordinating external security assessments and audits with the appropriate department or manager. In addition to coordinating client questionnaires, the Manager will also be responsible for the vendor risk management process. The Manager will also lead the Vulnerability Management program and its process, tools and metrics. The Information Security Manager will ensure adherence to SOC 2 and other generally accepted IT security and control practices throughout the IT landscape.
Responsibilities:
- Manage systems and practices to protect client, employee and firm information.
- Establish and maintain data security strategies and programs.
- Conduct risk assessments to evaluate the effectiveness of existing controls.
- Investigate and remediate threats.
- Monitor, investigate and resolve alerts escalated by the third-party SIEM provider (Rapid7).
- Provide technical guidance and recommendations for new products and services.
- Develop and implement IT security policies, standards, procedures and protocols.
- Conduct penetration testing and vulnerability scans and coordinate remediation.
- Create and promote a high degree of data security awareness in the firm and coordinate annual firmwide security awareness training.
- Participate in the maintenance of the firm's Disaster Recovery and Business Continuity Plan.
- Ensure all security policies and procedures are kept current.
- Gather documentation/technical information in support of audit requests and issue remediation efforts.
- Stay current with applicable government regulations and requirements.
- Enforce the best and most current practices pertaining to all aspects of data security.
- Additional responsibilities as assigned.
Job Requirements:
- Bachelor's degree in Computer Science, Information Security, or related field
- 5+ years' experience in network/systems administration and 2+ years in security
- CISSP, CISA, GIAC or other related information security certifications
- Able to clear government security checks as applicable
- Demonstrates strong problem-solving, analytical, interpersonal, and ownership skills
- Possesses excellent collaboration skills for work with various internal team members
Additional Skills/Experience:
- An understanding of security concepts, encryption, system hardening, defense-in-depth designs, advanced persistent threats, anomaly detection and next-generation technologies.
- Working knowledge and experience with any of the following technologies: VA, SIEM, DLP, IPS/IDS, AV, MFA, VPN, FW, AD, Wireless, ACLs, and Port Scanning.
- Experience with event logging and correlation in SOC or CSIRT.
- Advanced knowledge of the Windows operating system.
- Knowledge of ISO 27001 security standards.
- Knowledge of rules and regulations related to GLBA, HIPAA, Mass Privacy, etc.
- Knowledge of a variety of security tools.