Design, implement and maintain secure authentication and authorization architecture across firm systems and applications.
Align cloud, network and technology infrastructure with zero trust security principles and industry best practices.
Provide security guidance and best practices for cloud infrastructure, existing technology platforms, and new IT solutions.
Manage the preparation, execution, and remediation of security assessments, risk reviews, and compliance activities.
Develop, track and report on security metrics, key performance indicators (KPIs) and overall program effectiveness.
Support the Security and Compliance Specialist with client-required compliance reviews by preparing and validating approved security artifacts and documentation.
Assist with vendor security assessments by evaluating compliance gaps, developing remediation plans, and supporting implementation of required security controls.
Review and monitor firm systems to ensure compliance with established security baselines, policies and standards.
Manage, optimize and evaluate existing security tools and technologies while recommending and implementing solutions to strengthen the firm’s security posture.
Develop, maintain, and monitor standardized security processes to ensure consistent application of controls across the firm.
Ensure security requirements are incorporated into end-user access management, equipment provisioning, and technology lifecycle processes.
Execute security, privacy, and risk-related audit activities while ensuring appropriate documentation and follow-up.
Conduct security reviews of proposed software, vendors, applications, and technology projects to identify risks and recommend mitigation strategies.
Monitor and enhance data protection practices, including network storage security, encryption standards, removable media controls, and remote access safeguards.
Troubleshoot and resolve network security, access, and system integrity issues.
Monitor emerging cybersecurity threats and vulnerabilities using industry resources, including government and law enforcement advisories, and communicate relevant risks to stakeholders.
Partner with cross-functional teams to identify security improvements, operational efficiencies, and opportunities to strengthen technology controls.
Recommend and lead security enhancements based on industry best practices related to threat management, vulnerability prevention, compliance, and monitoring.
Analyze security incidents to identify root causes and provide recommendations to management to reduce the likelihood of future occurrences.
Requirements
Bachelor’s degree in information technology, cybersecurity, computer science, or a related discipline required.
Minimum of five years of progressive experience in information security, cybersecurity, network administration, or a related field; experience within the legal industry preferred.
Working knowledge of Microsoft Conditional Access, identity and access management (IAM), and security controls within Microsoft environments.
Strong understanding of network architecture, security principles, and troubleshooting methodologies.
Experience designing, implementing, and managing technology and security projects involving internal teams and external vendors or contractors.
Demonstrated ability to manage confidential and sensitive information with professionalism, discretion, and sound judgment.
Strong interpersonal skills with the ability to build collaborative relationships across teams and with business stakeholders.
Proven ability to establish goals, prioritize competing tasks, and coordinate efforts across multiple teams and stakeholders.
High attention to detail with strong planning, project management and organizational skills.
Passion for emerging technologies and a commitment to continuous learning and professional development within the cybersecurity field.
Ability to independently research, evaluate, and implement new technologies while serving as a subject matter expert in assigned areas of responsibility.
Excellent written and verbal communication skills, with the ability to clearly explain technical concepts, security risks, and solutions to both technical and non-technical audiences.
Strong documentation skills with the ability to create clear, accurate, and comprehensive technical documentation, processes, and procedures.
Ability to support ongoing security monitoring and assist with the investigation, response, and resolution of critical security or technology issues outside of standard business hours.
Tech Stack
Cloud
Cyber Security
Benefits
Health care coverage (medical, dental, and vision)
Life insurance
Short
and long-term disability
Paid parental leave
Employee wellbeing and EAP programs
Paid time off
401(k) retirement plan with employer matching and profit-sharing