Information Security Manager

We are searching for a Manager of Information Security for our corporate Pittsburgh, PA office. This is a pivotal leadership role responsible for the development and oversight of a comprehensive information security management system (ISMS) and privacy information management system (PIMS) across the firm. The Manager of Information security will manage a skilled team dedicated to security engineering, operations, incident response, and the development of security policies and procedures.

Essential Duties and Responsibilities:

• Reporting to the Firm s Director of Enterprise Operations & Security, the Manager will collaborate closely with various Technology teams and Firm leadership to inspire, mentor, and cultivate the skills of the security team members, fostering a high-performance environment.
• Develops and maintains information security policies, procedures and training and advise the various departments and practice groups in adhering to them.
• Leads the ongoing ISO 27001/27701 lifecycle and manage the relationship with our consulting team to ensure security operations compliance within the Firm.
• Provides expert opinions and leadership over existing technical threats and advice on how to mitigate or identify as acceptable risks.
• Oversees vulnerability scanning and remediation programs.
• Establish and Oversee Security Metric investments and risk trending dashboard.
• Oversees and/or assists in performing on-going security monitoring threat avoidance analyses.
• Manage relationships with security managed service providers and continuously develop their capabilities.
• Analyzes new systems (hardware and software) and provides recommendations concerning their security.
• Coordinates the development of an ongoing information security awareness program to ensure that employees are aware of threats and how to help ensure privacy of Firm data.
• Works with general counsel to provide responses to client security audits/questionnaires/RFP s.
• Maintains appropriate security measures and mechanisms to guard against unauthorized access to electronically stored and /or transmitted client data and reasonably protect against anticipated threats and hazards.
• Ensures compliance through adequate training programs and oversight of periodic internal and 3rd party security audits. Assesses audit results and partners with staff to create pragmatic action plans. Monitors execution and completion of action plans.
• Provides technical guidance and training to information owners and designs and implements programs for user awareness, compliance monitoring and security compliance.
• Develops and maintain an ongoing risk assessment program targeting information security and privacy matters.
• Active participant in Information Security and serves as Technology leader for incident response. Serves as primary contact for Technology incident responses.
• Performs other work related duties as assigned.

Required Qualifications:

• Bachelor's Degree or equivalent experience.
• 10 years of experience working in an information security related field.
• 5 years of experience managing a team of technical security engineers.
• One or more of the following certifications strongly preferred: CISSP, CISM; matriculating candidates considered.
• Strong understanding of various security frameworks; ISO27001/ISO27701 and SOC.
• Working knowledge of EDR, Vulnerability Scanning, Firewall, Proxy, PAM/PIM, SIEM and other security-related technologies.
• Excellent listening skills and written and oral communication skills, including effective presentation skills.
• Ability to relate to non-technical users in user-friendly language.
• Ability to understand technical implications of security threats and prioritize risk.
• Ability to manage multiple concurrent objectives or activities and effectively make judgments in prioritizing and time allocation in a high-pressure environment.
• Ability to gauge one s strengths and limitations.
• Ability to deal with changes and adapt to a changing environment.
• Must demonstrate the ability to maintain strict confidentiality of the Firm's internal and personnel affairs.
• Ability to work well with others, harness different skills and experience and build a strong sense of team spirit.
• Highly self-motivated and directed.
• Ability to work in a multi-office environment and willingness to travel to other offices as required.
• Experience working in a law Firm or professional services Firm environment preferred.