Manager, Cybersecurity Controls

The Manager, Cybersecurity Controls will oversee the implementation, management, and continuous improvement of Information Security Management System (ISMS) controls based on ISO 27001 and NIST standards. This role will support client reporting and audit / assessment requirements, as well as the assessment, remediation and reporting of cyber risk, identifying the appropriate controls and protocols to reduce or manage IT risk.

In this capacity, the Manager, Cybersecurity Controls will :

• Demonstrate fluency with ISO 27002 : 2022 controls;
• Support ISO 27001 efforts by evaluating (i.e., assessing or auditing), recommending, developing, coordinating, monitoring and maintaining cyber security policies, procedures, processes, standards,guidelines and controls library;
• Manage or support the enforcement of the InfoSec policy, procedure and process portfolio, including standards, guidelines and processes to verify alignment to Firm and Client InfoSec requirements and make recommendations for improvement;
• Lead the remediation efforts associated with gaps in the information security program based on ISO 27001 and 27002 standards, independent assessments, regulatory and Client requirements;
• Ability to explain technical threats, controls and remediation activities to both technical and non-technical stakeholders;
• Oversee and support the Firm's InfoSec responses to client assessments and presentations;
• Operationalize guidelines and roadmaps into actionable project plans, as well as manage multiple workstreams across matrixed teams;
• Implement and socialize security related standards, procedures, processes and guidelines, as well as enforce and monitor / track adoption across stakeholder groups;
• Provide stakeholder guidance regarding the development of and provides quality assurance reviews to procedure, process, standards and guidelines deliverables to validate alignment to Firm and Client requirements;

Assist with the creation and maintenance of the Cyber risk register and associated remediation activities; and

Handles additional related projects as assigned.

In addition the Manager, Cybersecurity Controls will be expected to have :

Ability to develop and maintain a solid working relationship across multiple stakeholder groups; and

Strong analytical skills.

Proficiencies :

Fundamental knowledge of the operation of law practices; and

Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.

Qualifications :

Bachelor degree in Information Security, Information Assurance, Computer Science, Information Systems, or other related field (two years of additional experience may be substituted for two years of college credits); and

At least seven (7 ) years of combined information technology and information security experience (preferred).