Director of Information Security
Lewis Roca
Hybrid remote in Denver, Colorado
Job Description
Director of Information Security
Denver, CO, Phoenix, AZ, Glendale, CA
Lewis Roca, a full-service law firm with 9 offices in the Western United States, has an immediate opening for a Director of Information Security based in our Phoenix office. This position is exempt, full-time, and will report to the Chief Information Officer.
The Director of Information Security will develop, implement, and monitor our enterprise cybersecurity and IT Risk Governance program. This position will be responsible for security operations, regulatory compliance, cyber risk and cyber intelligence, client consulting, data loss and fraud prevention, program management, investigations and forensics, and governance.
Successful candidates may currently be in an Information Security Director position or may be an Information Security Manager position looking to take the next step.
About Lewis Roca:
Our award winning team of lawyers offer extensive experience in a wide range of disciplines. We strive to be the employer of choice in the legal community. Our goal is to attract talent of varied backgrounds who meet our standards of excellence and reflect the marketplace that we serve. We embrace this diversity; it contributes to our success.
A set of core principles guide our work with our clients and with each other. Together, we call this Experience Amplified. It is a client-centered operational approach that helps define a culture of service excellence. It contributes to our highly collaborative group of business professionals, led by a dedicated and passionate C-Team.
Duties and Responsibilities:
- Create and execute strategies to improve the security of firm information systems, including recommending and updating firm security policies.
- Lead the response to client audit requests and security questionnaires, as well as internal incident response efforts, and act as a key liaison between upper-level management, IT staff and external service providers.
- Conduct on-site client IT and Information governance audits.
- Develop and maintain information security policies, procedures, standards, and guidance.
- Maintain an understanding of current issues relating to information security, data privacy and business continuity, including relevant standards, codes, regulations, statutes and technologies.
- Maintain the firm’s ISO 27001 Certification.
- Strong knowledge of security best practices and the ability to keep current on emerging threats and new technologies is required.
- This position also plays a key role in assessing, testing and selecting new security technologies and assisting in preparing project and annual budgets.
- Develop and maintain technical documentation and participate in the development of firm IT operations and security policies and processes
- Work effectively with support organizations and outside consultants to augment the team's capabilities and expertise
- Manage stakeholder expectations and keep them informed of progress and status
- Interact and communicate with customers and colleagues in person and via telephone, email, and IM in a respectful, professional, and effective manner.
- Perform other duties as assigned
Education and Experience:
- A Bachelor's degree in a related field is required.
- CISSP or similar security certification is required.
- The position requires 5+ years’ experience in a security focused role, preferably in a law firm environment.
- Experience in standards, frameworks and regulations, such as ISO 27001 and related standards, ISO 22301, EU GDPR, NIST 800-53, NIST 800-171, NY DFS Cybersecurity Regulation, HIPAA and HITRUST.
- Understanding of firm security technologies including SIEM solutions, multi-factor authentication, endpoint detection and response, network access control, email filtering, IPS/IDS and others.
- Experience in conducting and/or participating in IT audits, and in answering client audit requests and security questionnaires.
- Advanced writing skills, being able to articulate ideas for executive-level as well as technical staff consumption.
- Analytical and problem-solving skills, being able to apply prior experience and knowledge to new situations and challenges.
- Strong and flexible presentation skills, being able to interact with technical subject matter experts as well as executive level stakeholders.
- Demonstrated success in project and/or program management.
Lewis Roca offers competitive compensation and benefits, including:
- 401(k) with generous employer match
- 3 weeks of paid vacation
- 10-paid holidays per year
- Benefits start on day 1
- Several medical plan options to choose from, including traditional plans and HSA qualified plans
- Tuition reimbursement
- Gym reimbursement
- Well-being program
- Employer-paid life insurance and long term disability
- And much more!
Pay rate: $175,000 - $195,000
Compensation can vary based on experience and geographic region
How to Apply
Thank you for your interest in Lewis Roca. To complete an application and submit your resume, please click "Apply for this Position." No phone calls, please. We will contact you if your resume indicates that you are a strong candidate for this position. #LI-LH1 #LI-HYBRID
We are not accepting resumes from search firms for this position.
Lewis Roca is an Equal Opportunity Employer. We do not discriminate on the basis of race, sex, sexual orientation, gender identity, religion, national origin, color, age, physical or mental disability, spousal affiliation, marital status, a serious medical condition, genetic information, veteran status, or any other basis prohibited by federal, state, or local law.
For more information about equal employment opportunity,
please click here for the “Know Your Rights” poster
. To request a disability accommodation in the application process,
please click here
. Lewis Roca participates in E-Verify, please click
here
for more information. For information regarding your Right to Work, please click
here
.
