This position is with a client, a major law firm in the US.
Must be a US CITIZEN (no visa!)
Location: remote but must live in one of the following states: Alabama, Arizona, California, Colorado, Connecticut, Florida, Georgia, Illinois, Louisiana, Massachusetts, Michigan, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Virginia, Washington, Missouri
Position Summary
The IT Security Manager plays a critical leadership role in shaping and executing the firm’s cybersecurity strategy. Reporting to the Chief Information Officer (CIO), this individual leads the firm’s Information Security team and works closely with partners, firm leadership, and IT teams to maintain and strengthen the firm’s security posture.
This role requires both strategic vision and hands-on leadership. The IT Security Manager will oversee daily security operations, guide long-term security initiatives, and serve as a trusted advisor to leadership on all matters related to information security, risk management, and regulatory compliance.
Scope & Leadership
The IT Security Manager serves as the operational leader of the firm’s information security program and partners closely with the CIO to advance cybersecurity strategy. Key leadership responsibilities include:
Directing the day-to-day operations of the firm’s information security program
Managing and mentoring the Information Security team while fostering a culture of continuous improvement
Leading implementation and oversight of security technologies, policies, and controls
Partnering with infrastructure, cloud, and application teams to embed security across all systems and services
Representing the firm’s security program in discussions with leadership, partners, clients, and external auditors
Supporting the development of the firm’s long-term cybersecurity roadmap and strategic initiatives
Maintaining and evolving governance, risk management, and security operations frameworks
Key Responsibilities
Security Operations & Risk Management
Oversee the deployment, configuration, and optimization of security platforms, including MDR, EDR, MFA, IAM, DLP, vulnerability management, and email security tools
Monitor the firm’s security landscape to identify vulnerabilities and proactively mitigate risk
Lead security incident response activities, coordinating with internal teams and external partners to ensure rapid resolution and recovery
Conduct security assessments, penetration testing exercises, and tabletop simulations to strengthen incident readiness
Evaluate emerging threats and implement strategies to protect firm systems and data
Security Governance & Compliance
Develop, maintain, and enforce security policies, standards, and procedures
Ensure compliance with applicable regulatory requirements and industry frameworks including ISO 27001, GDPR, CCPA, and client security guidelines
Manage the firm’s client security program, including security questionnaires, audits, and outside counsel guidelines
Oversee vulnerability management and risk remediation initiatives across the organization
Team Leadership & Development
Lead, mentor, and develop a team of information security professionals
Recruit, develop, and retain top security talent
Ensure the team maintains current knowledge of security tools, threats, and best practices
Promote collaboration across IT and business teams to maintain a strong security culture
Security Awareness & Communication
Manage the firm’s security awareness and training programs
Communicate security risks, initiatives, and program status to firm leadership and partners
Serve as a liaison between the security team and other departments to ensure alignment on security priorities
Seniority level: Director
Employment type: Full-time
Job function: Information Technology
Industries: Information Services, Legal Services, and Law Practice