Director of IT Security & Risk Management
Dechert LLP · Philadelphia, PA · 3 wk ago
Information TechnologyFull-time
Essential Job Functions
- Lead the firm’s global information security program and develop a forward-looking security strategy aligned with business priorities, client expectations, and enterprise risk tolerance.
- Serve as a trusted advisor to the CIO and firm leadership on cyber risk, security posture, investment priorities, and emerging threats.
- Establish and maintain an effective security operating model that supports both day-to-day protection and long-term program maturity.
- Manage the information security budget, resource planning, and program roadmap.
- Design and maintain a cybersecurity governance framework, including appropriate steering committees, reporting structures, and decision-making forums.
- Develop, implement, and maintain security policies, standards, procedures, and guidelines across the firm.
- Create and manage a unified, risk-based control framework that supports legal, regulatory, contractual, and client-driven requirements across jurisdictions.
- Partner with stakeholders across IT, General Counsel, Privacy, Procurement, and Business Continuity to ensure alignment and consistent application of security controls.
- Support firm-wide risk assessments and advise leaders on risk mitigation strategies within the firm’s risk appetite.
- Oversee the firm’s ability to identify, detect, respond to, manage, and recover from cybersecurity incidents.
- Lead the development, maintenance, and testing of incident response plans, playbooks, and procedures.
- Monitor the external threat environment and advise stakeholders on relevant threats, vulnerabilities, and mitigation actions.
- Help ensure business-critical services are resilient and recoverable in the event of a security incident.
- Partner with technology teams to ensure security controls are effective across infrastructure, cloud platforms, applications, networks, endpoints, identity, and data.
- Ensure security is embedded into projects, system implementations, operational processes, and technology change initiatives.
- Evaluate and implement modern security technologies and practices to strengthen the firm’s capabilities and improve operational maturity.
- Support development and maintenance of asset inventories, including cloud services, third-party hosted systems, and critical information assets.
- Partner with Procurement and General Counsel to ensure appropriate information security and data protection provisions are included in vendor and third-party contracts.
- Support responses to client security assessments, outside counsel guidelines, audits, RFPs, and security due diligence requests.
- Define and maintain the standards, controls, and assurance practices necessary to meet firm and client expectations.
- Build and maintain relationships with external peers, partners, vendors, and industry groups to stay informed on trends, incidents, and best practices.
- Lead the firm’s security awareness and training program for employees, contractors, and approved system users.
- Establish meaningful security metrics and reporting to measure effectiveness, identify trends, and support decision-making.
- Recruit, develop, and retain a high-performing and diverse team of information security professionals.
- Foster a strong culture of accountability, collaboration, and continuous improvement across the security function and broader organization.
Qualifications / KSAs
- Knowledge and experience with enterprise data centers, network technologies, virtualization, unified communication, mobility.
- Experience and knowledge of common security, standards and risk frameworks.
- Understanding of common commercial development and database technologies.
- Experience in developing and managing a security governance program.
- Ability to operate independently and collaborate in teams to achieve desired outcomes.
- Self-motivated and highly productive.
- Strong written and verbal communication skills.
- Relevant BS / BA degree.
- 10+ years of experience in Information Security including 5+ years in a Security leadership role.
- Industry recognized security certifications (CISSP, CISA, CISM).
- Legal industry knowledge and/or awareness.
- Project management, budget and forecast experience.