What are the responsibilities and job description for the Cyber Security Compliance Manager - ISO 27001 position at Blue Bridge People?
This is a direct hire role that would sit 2-3 days a week in the client's Boston or Washington DC offices.
Information Security Compliance Manager
About the Role:
We are seeking an experienced Information Security Compliance Manager with a background in professional services or law firm environments to lead compliance initiatives and oversee security audits. This role requires extensive expertise in ISO 27001 audits and will be a key driver in ensuring the firm’s security policies and risk management processes align with regulatory and client requirements. Working closely with the Director of Information Security, the selected candidate will play a strategic leadership role in safeguarding the firm’s data and technology infrastructure while maintaining compliance with client-mandated security standards.
Key Responsibilities:
- Approve risk decisions and policy exceptions in coordination with the Director of Information Security, ensuring alignment with the firm’s security strategy.
- Supervise the Cyber Security Compliance Analyst, guiding risk assessments, vulnerability management, security process audits, and compliance reporting.
- Lead and oversee ISO 27001 audits, including internal assessments and firm-wide compliance efforts.
- Manage client-driven cybersecurity audits and ensure adherence to security-related Outside Counsel Guidelines (OCGs).
- Support information security governance within system development, covering production acceptance, change management, user administration, security logging, and secure workflow processes.
- Administer the firm’s application security review process, ensuring new technology services comply with security policies.
- Monitor and enhance security incident response processes, prioritizing and addressing security threats effectively.
- Lead enterprise-wide security projects, implementing best-in-class security protections to safeguard firm and client data.
- Act as a trusted cybersecurity advisor, fostering a culture of security awareness across the firm.
- Provide professional client service, ensuring internal and external stakeholders receive clear, proactive communication regarding security policies and initiatives.
- Take on additional responsibilities as needed to support the firm’s security and compliance objectives.
What You Will Bring:
- Extensive experience with ISO 27001 audits and other major cybersecurity frameworks (NIST, SOC 2, etc.), preferably in a law firm or professional services environment.
- Strong technical background in security risk management, compliance, and regulatory requirements for the legal industry.
- Hands-on experience with cybersecurity tools, security logging, risk analysis, vulnerability management, and governance frameworks.
- Proficiency in network security, databases, and enterprise system operations.
- Exceptional ability to analyze risks, anticipate obstacles, and develop strategic security solutions.
- Proven leadership experience in managing security teams and projects, with strong decision-making and communication skills.
- Ability to influence senior leadership and collaborate with cross-functional teams on security compliance initiatives.
Required Qualifications:
- Bachelor’s Degree in Cybersecurity, Computer Science, or a related technical field.
- Security certification preferred (CISSP, CISM, CRISC, or equivalent).
- Minimum 5 years of experience supporting information security in a law firm or professional services environment.
- Supervisory experience within a cybersecurity organization.
Salary: $155,000 - $175,000