Cyber Security Program Lead

WilmerHale is a leading, full-service international law firm with 1,000 lawyers located throughout 12 offices in the United States and Europe. Our lawyers work at the intersection of government, technology and business, and we remain committed to our guiding principles of providing quality, excellent legal and client services; developing diversity among our lawyers and staff and cultivating an environment that promotes an ambitious spirit, collaboration and collegiality by drawing on the extraordinary talents and dynamic experience of our lawyers. Our goal is to reflect the diversity of our clients and the communities in which we practice.
 
What You Will Be Doing:

The Cyber Security Program Lead oversees information security-related initiatives and projects, focusing predominantly on cyber-compliance.  Supports the firm’s ISO 27001 security effort, ensuring key requirements are met and improvements made. Leads the firm’s third-party risk management program and vulnerability management program. Ensures accurate completion of client and internal cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs). Works across groups within Information Services to implement security-related projects and procedures, confirms proper operation of security infrastructure and ensures proper incident response. Provides expertise and guidance on risk-based decisions, the integrity of security procedures, systems, and policies in the design of new applications and services. Authorized to approve new applications and services and exceptions to firm policy, in coordination with the Director, Information Security. 

Supervises the Cyber Security Compliance Analyst position and leads cyber security compliance initiatives firmwide, including client and internal audits. Provides coaching and guidance to other security team members and others in regard to firm compliance programs and audits. 

About The Role:

• Approves risk decisions and exceptions to firm policy in coordination with the Director-Information Security.
• Supervises the Cyber Security Compliance Analyst position, supporting completion of information security risk assessments, daily/weekly/monthly/quarterly auditing of information security processes, creation of metrics, and ongoing vulnerability management.
• Oversees and participates in the completion and hosting of both firm and internal ISO 27001 security audits.
• Oversees the completion of client cyber security audits and conducts reviews of security-related client Outside Counsel Guidelines (OCGs).
• Supports IS security within the system development lifecycle including production acceptance, change management, user administration, security logging, secure process flow, and security best practices.
• Manages the firm’s application security review process, ensuring new services are properly vetted.
• Monitors on-going security incident response procedures to ensure proper identification and prioritization of incidents.
• Leads information security projects that apply security protections to enterprise systems, processes and information resources.
• Assists with proactively supporting client service and ensures that staff members are providing quality service to internal members of the Firm as well as external clients and vendors by displaying professionalism via electronic and print correspondence, over the telephone and in-person and by encouraging an atmosphere that rewards a "can do" attitude.
• Assumes additional responsibilities as assigned.