Director, Information Security

McGuireWoods LLP, Richmond, VA 23234

Posted 3 months ago

Overview

McGuireWoods has an opening for a firmwide Director of Information Security. The ideal candidate would work from our Richmond, VA office. The position could also be based in our Washington, DC, Raleigh, NC, or Charlotte, NC office, although travel to Richmond would be required. Reporting directly to the firm's Chief Information Officer, the Director of Information Security provides vision and team leadership for developing and maintaining the firm's security posture globally by ensuring implementation of security controls, measures, policies, and procedures. This role serves as the most senior position in the firm that is entirely focused on information security. The firm is currently ISO-27001 certified.

McGuireWoods is a full-service firm providing legal and business solutions to corporate, individual and nonprofit clients worldwide for more than 184 years. Our law firm has earned the loyalty of many longstanding clients with deep understanding of their businesses and broad skills in corporate transactions, high-stakes disputes, and complex regulatory and compliance matters. People come here to do great, challenging work and we provide the resources and training for them to succeed and develop professionally. Working together from offices in the U.S., Europe and Asia, McGuireWoods is dedicated to diverse perspectives, impeccable service, and innovative delivery of practical, business-minded solutions. For more information, visit www.mcguirewoods.com.

Responsibilities

  • Work with the General Counsel, CTO, CIO, Executive Director and other firm management to develop a security program and security projects that address identified risks and business security requirements

  • Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the GC, CIO and CTO with a realistic overview of risks and threats in the enterprise environment

  • Propose changes to existing policies and procedures to ensure operating efficiency and outside counsel guidelines/regulatory compliance

  • Hire, assess, and direct the work of Red Team and Blue Team employees (minimum of two) as well as cross-functional staff. Also responsible for the efforts of multiple 24/7 outsourced SOC services staff

  • Serve as primary representative for the firm regarding information security capabilities to audit staff of clients

  • Provide support and guidance for Office of General Counsel, legal and regulatory compliance efforts, including audit support

  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies

  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools

  • Direct and coordinate operational components of incident management, including detection, response and reporting

  • Oversee the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk

  • Manage security projects and provide expert guidance on security matters for other IT projects

  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks

Qualifications

  • Requires a Bachelor's degree in Information Systems or equivalent field.

  • An M.B.A. or M.S. in information security is preferred.

  • Minimum of seven years of IT experience, with five years in an information security role and at least two years in a managerial role.

  • Certification from (ISC)², ISACA, SANS or other relevant certifications.

  • The ability to interact positively with firm personnel through senior executives, build strong relationships at all levels and across all departments and understand business imperatives.

  • Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.

  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.

  • Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the U.S. Health Insurance Portability and Accountability Act (HIPAA), the European Union General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standards (PCI DSS).

  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.

  • Knowledge of application technology security testing (white box, black box and code review).

  • Understanding of system technology security testing (vulnerability scanning and penetration testing).

  • Experience creating content for and managing a security awareness program.
