
Senior Information Security Leader – Law Firm / Professional Services
Phaxis, Hartford, CT, United States
We are seeking an experienced Information Security professional to take ownership of the security strategy for a law firm. This role blends hands‑on technical leadership with executive‑level program management, driving the protection of critical technology assets while enabling business growth.
Responsibilities
Develop, maintain, and enhance the firm’s cybersecurity program in alignment with organizational objectives and confidentiality requirements.
Define, implement, and enforce policies, standards, and best practices to secure IT systems, applications, and data.
Proactively evaluate security risks through assessments, penetration testing, and continuous monitoring, and recommend mitigation strategies.
Lead response efforts for security incidents, including investigation, containment, remediation, and post‑incident reporting.
Provide mentorship and guidance to the security team, fostering skill development and adherence to industry best practices.
Partner with leadership to communicate risk posture, program effectiveness, and actionable recommendations.
Qualifications
10+ years in IT and information security, including at least 4 years in a leadership capacity.
Demonstrated experience within law firms or Big 4 professional services organizations is required.
Deep understanding of industry standards and frameworks such as NIST, ISO 27001, and HIPAA.
Relevant certifications like CISSP, CISM, CISA, GIAC, CompTIA Security+, or GISO are highly valued.
Proven track record in managing security programs, guiding technical teams, and advising leadership on complex security challenges.