Jobs · Information Technology · Pennsylvania

Director of IT Security & Risk Management

Dechert LLP · Philadelphia, PA · 3 wk ago
Information TechnologyFull-time

Essential Job Functions

  • Lead the firm’s global information security program and develop a forward-looking security strategy aligned with business priorities, client expectations, and enterprise risk tolerance.
  • Serve as a trusted advisor to the CIO and firm leadership on cyber risk, security posture, investment priorities, and emerging threats.
  • Establish and maintain an effective security operating model that supports both day-to-day protection and long-term program maturity.
  • Manage the information security budget, resource planning, and program roadmap.
  • Design and maintain a cybersecurity governance framework, including appropriate steering committees, reporting structures, and decision-making forums.
  • Develop, implement, and maintain security policies, standards, procedures, and guidelines across the firm.
  • Create and manage a unified, risk-based control framework that supports legal, regulatory, contractual, and client-driven requirements across jurisdictions.
  • Partner with stakeholders across IT, General Counsel, Privacy, Procurement, and Business Continuity to ensure alignment and consistent application of security controls.
  • Support firm-wide risk assessments and advise leaders on risk mitigation strategies within the firm’s risk appetite.
  • Oversee the firm’s ability to identify, detect, respond to, manage, and recover from cybersecurity incidents.
  • Lead the development, maintenance, and testing of incident response plans, playbooks, and procedures.
  • Monitor the external threat environment and advise stakeholders on relevant threats, vulnerabilities, and mitigation actions.
  • Help ensure business-critical services are resilient and recoverable in the event of a security incident.
  • Partner with technology teams to ensure security controls are effective across infrastructure, cloud platforms, applications, networks, endpoints, identity, and data.
  • Ensure security is embedded into projects, system implementations, operational processes, and technology change initiatives.
  • Evaluate and implement modern security technologies and practices to strengthen the firm’s capabilities and improve operational maturity.
  • Support development and maintenance of asset inventories, including cloud services, third-party hosted systems, and critical information assets.
  • Partner with Procurement and General Counsel to ensure appropriate information security and data protection provisions are included in vendor and third-party contracts.
  • Support responses to client security assessments, outside counsel guidelines, audits, RFPs, and security due diligence requests.
  • Define and maintain the standards, controls, and assurance practices necessary to meet firm and client expectations.
  • Build and maintain relationships with external peers, partners, vendors, and industry groups to stay informed on trends, incidents, and best practices.
  • Lead the firm’s security awareness and training program for employees, contractors, and approved system users.
  • Establish meaningful security metrics and reporting to measure effectiveness, identify trends, and support decision-making.
  • Recruit, develop, and retain a high-performing and diverse team of information security professionals.
  • Foster a strong culture of accountability, collaboration, and continuous improvement across the security function and broader organization.

Qualifications / KSAs

  • Knowledge and experience with enterprise data centers, network technologies, virtualization, unified communication, mobility.
  • Experience and knowledge of common security, standards and risk frameworks.
  • Understanding of common commercial development and database technologies.
  • Experience in developing and managing a security governance program.
  • Ability to operate independently and collaborate in teams to achieve desired outcomes.
  • Self-motivated and highly productive.
  • Strong written and verbal communication skills.
  • Relevant BS / BA degree.
  • 10+ years of experience in Information Security including 5+ years in a Security leadership role.
  • Industry recognized security certifications (CISSP, CISA, CISM).
  • Legal industry knowledge and/or awareness.
  • Project management, budget and forecast experience.

Similar jobs