Manager Of Security amp Privacy Compliance

Profile

Manager of Security & Privacy Compliance

The candidate reports to the firm’s Chief Information Security Officer and has overall responsibility for implementing and managing the firm’s compliance framework, procedures and processes relating to information security and privacy. Manages the firm’s Information Security Management System (ISMS) according to the ISO 27001 standard, including preparing the firm for all audits and maintaining certification. Manages the firm’s Privacy Information Management System (PIMS) according to the ISO 27017 standard, including preparing the firm for all audits and maintaining certification. Develops, tests, documents, evaluates, tracks and improves information security controls for all information technology resources, applications, privacy and security protocols. Develops and tracks security metrics to monitor Information Security program performance. Implements security audit guidelines and workflow process, testing the capability, reliability and effectiveness of the firm's security systems, applications, protocols and procedures. Manages periodic risk assessments, risk treatment plans, and completion of risk treatment activities. Collaborates with appropriate stakeholders to document and implement necessary policies and procedures to comply with ISO 27001 standards and to maintain certification. Reviews and manages security requirements in third-party guidelines and agreements. Works with appropriate personnel to respond to client generated security assessments. Coordinates the firm’s Vendor Risk Management program to ensure firm vendors meet the firm’s security and confidentiality requirements. Undergraduate degree in computer science, information technology, related subject matters or equivalent work experience is required. Should have 5+ years in an information security and / or privacy role, preferably in a law firm or other environment involving critical data and confidentiality management requirements. Experience managing and responding to audits and other tests of security controls, developing audit plans and procedures, and reporting the results of such audits is required. Experience writing/developing security / privacy policies and procedures is required. Experience managing people, processes and security privacy programs is required. Knowledge of information security controls and standards, particularly ISO 27001/27002 is required. Knowledge of privacy frameworks, particularly ISO 27017, rules and regulations related to privacy (e.g., HIPAA, GDPR) is required. General knowledge of enterprise security technologies, including SIEM, IDS/IPS systems and firewalls, antivirus, enterprise vulnerability scanning and testing, data at rest encryption technologies, etc. is required. CISSP, CISM, CRISC, CISA, GIAC, or other security certifications is desired.

Company info

Jenner & Block, L.L.P.
919 Third Ave. 37th Fl.
New York
New York
United States 10022-3908
Website : https://jenner.com/