McGuireWoods has an opening for a firmwide Director of Information Security. The ideal candidate would work from our Richmond, VA office. The position could also reside in our Washington DC, Raleigh NC, or Charlotte NC office, although travel to Richmond would be required. Reporting directly to the firm's Chief Information Officer, the Director of Information Security provides vision and team leadership for developing and maintaining the firm's security posture globally by ensuring implementation of security controls, measures, policies, and procedures. This role is the most senior position in the firm that is entirely focused on information security. The firm is currently ISO-27001 certified.
McGuireWoods is a full-service firm providing legal and business solutions to corporate, individual and nonprofit clients worldwide for more than 184 years. Our law firm has earned the loyalty of many longstanding clients with deep understanding of their businesses and broad skills in corporate transactions, high-stakes disputes, and complex regulatory and compliance matters. People come here to do great, challenging work and we provide the resources and training for them to succeed and develop professionally. Working together from offices in the U.S., Europe and Asia, McGuireWoods is dedicated to diverse perspectives, impeccable service, and innovative delivery of practical, business-minded solutions. For more information, visit www.mcguirewoods.com.
Work with the General Counsel, CTO, CIO, Executive Director and other firm management to develop a security program and security projects that address identified risks and business security requirements
Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the GC, CIO and CTO with a realistic overview of risks and threats in the enterprise environment
Propose changes to existing policies and procedures to ensure operating efficiency and outside counsel guidelines/regulatory compliance
Hire, assess, and direct the work of Red Team and Blue Team employees (minimum of two) as well as cross-functional staff. Also responsible for the efforts of multiple 24/7 outsourced SOC services staff
Serve as primary representative for the firm regarding information security capabilities to audit staff of clients
Provide support and guidance for Office of General Counsel, legal and regulatory compliance efforts, including audit support
Recommend and coordinate the implementation of technical controls to support and enforce defined security policies
Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools
Direct and coordinate operational components of incident management, including detection, response and reporting
Oversee the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk
Manage security projects and provide expert guidance on security matters for other IT projects
Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks
Requires a Bachelor's degree in Information Systems or equivalent field.
An M.B.A. or M.S. in information security is preferred.
Minimum of seven years of IT experience, with five years in an information security role and at least two years in a managerial role.
Certification from (ISC)2, ISACA, SANS or other relevant certifications.
The ability to interact positively with firm personnel at all levels, up to and including senior executives, build strong relationships across all departments, and understand business imperatives.
Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standards (PCI DSS).
Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
Knowledge of application technology security testing (white box, black box and code review).
Understanding of system technology security testing (vulnerability scanning and penetration testing).
Experience creating content for and managing a security awareness program.