Jobs · Information Technology · Pennsylvania

Director, IT Security

Cozen O'Connor · Philadelphia, PA · 2 wk ago
HybridInformation TechnologyFull-time

Responsibilities

  • Design and execute a multi-year information security strategy aligned with firm objectives and the legal industry threat landscape, including a forward-looking framework for managing AI-related security and data risk.
  • Establish and publish firm-wide security standards that peer IT Directors apply to their respective domains — business systems, endpoints, custom software development, and AI deployments — ensuring consistent baseline security across all technology disciplines.
  • Partner with the Director of IT Risk/Audit to support the firm's ISO 27001, SOC 1, and SOC 2 Type II programs — implementing and operating required controls, providing technical evidence during audits, monthly metrics, and remediating findings.
  • Develop, maintain, and enforce security policies, standards, and procedures across all 33 offices, including policies governing the use of AI tools and agentic systems and their access to firm and client data.
  • Advise the CIO and firm leadership on security risk, budget priorities, and emerging threats — including the evolving risk landscape associated with generative AI and agentic AI adoption.
  • Respond to client security questionnaires, outside counsel guidelines, and audits; present the firm's security posture credibly to client security teams.

Security Operations (Hands-On)

  • Direct daily security operations: monitoring, detection, triage, vulnerability management, and incident response.
  • Serve as senior escalation point and lead incident response when it counts.
  • Personally engineer and tune security controls across Microsoft 365 and Azure (Defender XDR, Sentinel, Entra ID, Purview, Conditional Access, Intune) and the firm's on-premises data center infrastructure.
  • Own endpoint security strategy and operations across all firm device types — including policy enforcement, EDR tooling, patch management posture, and mobile device management in coordination with the relevant IT Directors.
  • Partner with the Director of Software Development to embed application security into the firm's custom software development lifecycle — including secure coding standards, SAST/DAST tooling, code review security requirements, and pre-deployment security sign-off.
  • Manage identity and access governance, privileged access, and zero-trust adoption across the hybrid environment — extending those controls to cover AI agents and AI-integrated applications accessing firm systems and data.
  • Evaluate and govern the security posture of AI tools and agentic systems deployed or evaluated by the firm, including data access controls, prompt injection risks, output handling, and audit logging.
  • Oversee third-party security tooling and managed service relationships; evaluate, select, and rationalize the security stack.
  • Run the firm's security awareness, phishing simulation, and training programs, including awareness content specific to AI-related threats and safe AI use.

Leadership

  • Lead, mentor, and develop the Security Operations team; build the function's capability, automation, and headcount case as the firm grows.
  • Serve as a peer leader and primary security authority within the IT Director team — collaborating across infrastructure, applications, software development, and practice-support disciplines to ensure security is a shared standard, not a gate at the end of delivery.
  • Partner with the IS Project Management Office to embed security in projects from the start and certify services are ready for deployment.
  • Cook up with the Director of IT Risk/Audit, General Counsel, Risk, and Compliance on data protection obligations across US, Canadian, and UK jurisdictions (including GDPR/UK GDPR and state privacy laws).

Qualifications

  • 10+ years of progressive information security experience, including 5+ years leading security teams, with demonstrated success as a hands-on technical leader.
  • Bachelor's degree in computer science, information security, or a related field.
  • CISSP required; additional certifications such as CISM, CCSP, GIAC (e.g., GSEC, GCIH), or Microsoft security certifications (SC-100, SC-200) strongly preferred.
  • Direct experience operating security controls within ISO 27001, SOC 1, and SOC 2 Type II certified environments, including supporting successful audits.
  • Deep technical proficiency securing Microsoft 365 and Azure environments, plus experience securing traditional on-premises data center infrastructure (network, firewall, server, storage).
  • Hands-on endpoint security experience — EDR platforms, device policy enforcement, patch posture management, and mobile device/BYOD controls at enterprise scale.
  • Application security / DevSecOps experience: integrating security into custom software development lifecycles through secure coding standards, SAST/DAST tooling, and developer-facing security requirements.
  • Demonstrated understanding of AI security risk, including the security and data governance implications of agentic AI systems, large language model (LLM) integrations, and AI access to enterprise data stores and data warehouses.
  • Proven incident response leadership — you have run real incidents, not just tabletop exercises.
  • Experience presenting security programs to external parties (clients, auditors, regulators) with confidence and credibility.
  • Ability to work on site in Philadelphia at least 3 days per week.

About Us

Known for its commitment to action and tangible results, Cozen O'Connor has rapidly grown to become one of North America's fastest-growing law firms. Offering full-service expertise in litigation, business law, and government relations, the firm serves a diverse clientele, including global Fortune 500 companies, growing middle-market firms, startups, and high-profile individuals. Established in 1970, Cozen O’Connor has more than 1,000 attorneys who help clients manage risk and make better business decisions. The firm counsels clients on their most sophisticated legal matters in all areas of the law, including litigation, corporate, and regulatory law. Representing a broad array of leading global corporations and middle market companies, Cozen O’Connor services its clients’ needs through 35 offices across two continents. The firm is consistently ranked among the top 100 law firms in America and has received recognition from prestigious legal and business organizations such as Chambers & Partners, The American Lawyer, The Legal 500, and Best Lawyers. Cozen O'Connor is dedicated to excellence and strives to achieve the right results for its clients, no matter how complex or critical the legal challenges may be. Cozen O'Connor is committed to fostering greater inclusion in the legal profession. We understand the organizational effectiveness that comes from welcoming and valuing differences within the firm, and we know that assembling a team with a breadth of perspectives and experience is necessary to provide the highest quality legal service. We encourage candidates to apply and join us in this effort. Cozen O'Connor actively welcomes applicants who have previously left the workforce and are looking to return to their careers. Gaps in experience are not penalized. Cozen O'Connor is an Equal Opportunity Employer, including disabled and veterans.

Similar jobs

Director IT Security

MindrUnited States· 1 wk ago
RemoteInformation Technology$139k–$185k/yrapply on cstmyhr.rec.pro.ukg.net

Director - IT Security

Tennessee Board of Regents (TBR)Memphis, TN· 3 mo ago
Information Technologyapply on careers.tbr.edu

Director, IT & Security

TonalAustin, Texas Metropolitan Area· 5 days ago
RemoteInformation Technologyapply on tonal.com

Director of IT Security

ETAP SoftwareIrvine, CA· 2 wk ago
Information Technology$138k–$230k/yrapply on aveva.wd3.myworkdayjobs.com