Senior Information Security Leader – Law Firm​/Professional Services

Overview

We are seeking an experienced Information Security professional to take ownership of the security strategy for a law firm. This role blends hands-on technical leadership with executive-level program management, driving the protection of critical technology assets while enabling business growth.

• Develop, maintain, and enhance the firm's cybersecurity program in alignment with organizational objectives and confidentiality requirements.
• Define, implement, and enforce policies, standards, and best practices to secure IT systems, applications, and data.
• Proactively evaluate security risks through assessments, penetration testing, and continuous monitoring, and recommend mitigation strategies.
• Lead response efforts for security incidents, including investigation, containment, remediation, and post-incident reporting.
• Provide mentorship and guidance to the security team, fostering skill development and adherence to industry best practices.
• Partner with leadership to communicate risk posture, program effectiveness, and actionable recommendations.

• 10+ years in IT and information security, including at least 4 years in a leadership capacity.
• Demonstrated experience within law firms or Big 4 professional services organizations is required.
• Deep understanding of industry standards and frameworks such as NIST, ISO 27001, and HIPAA.
• Relevant certifications like CISSP, CISM, CISA, GIAC, CompTIA Security+, or GISO are highly valued.
• Proven track record in managing security programs, guiding technical teams, and advising leadership on complex security challenges.