Information Security Manager - NY, CT, or DC

New York, NY, US • Posted 3 hours ago • Updated 3 hours ago
Full Time
No Travel Required
On-site
$160,000 - $175,000/yr

Job Details

Skills

  • Cyber Security
  • Endpoint Protection
  • Incident Management
  • Information Security
  • Policies and Procedures
  • Regulatory Compliance

Summary

Information Security Manager

*Holders

On-site in any of these 3 locations: NY, DC, or CT

Position Summary 

The Information Security Manager is responsible for developing, implementing, and managing the firm’s information security program to protect sensitive client and firm data. This role ensures that the firm maintains strong cybersecurity practices, complies with legal industry security standards, and meets client security requirements. The Information Security Manager works closely with IT leadership, attorneys, and administrative departments to identify risks, implement safeguards, and respond to security incidents.

Key Responsibilities:

Information Security Program Management

  • Develop, implement, and maintain the firm’s information security strategy, policies, and procedures.
  • Establish and enforce security governance frameworks and best practices.
  • Conduct regular risk assessments and security audits to identify vulnerabilities and recommend mitigation strategies.
  • Maintain and update the firm’s security policies, standards, and guidelines.

Security Operations

  • Oversee monitoring of security systems including SIEM, endpoint protection, firewalls, and intrusion detection/prevention systems.
  • Coordinate incident detection, response, and investigation for cybersecurity events.
  • Manage vulnerability management and patch management programs.
  • Ensure security controls are implemented across network, systems, applications, and cloud environments.

Compliance & Risk Management

  • Ensure compliance with client security requirements, legal industry standards, and regulatory obligations.
  • Support security questionnaires, client audits, and third-party security assessments.
  • Maintain security documentation and evidence for compliance reviews.
  • Lead the firm’s cybersecurity risk management initiatives.

Third-Party Security & Vendor Management

  • Assess security risks associated with vendors and third-party service providers.
  • Conduct vendor security reviews and maintain a vendor risk management process.
  • Ensure contracts include appropriate security and confidentiality provisions.

Security Awareness & Training

  • Develop and deliver security awareness training programs for attorneys and staff.
  • Promote cybersecurity best practices and reduce risks related to phishing and social engineering.
  • Conduct regular security awareness campaigns and simulated phishing exercises.

Incident Response & Business Continuity

  • Develop and maintain the firm’s incident response plan.
  • Coordinate response activities during cybersecurity incidents.
  • Support business continuity and disaster recovery planning from a security perspective.

Collaboration with IT and Leadership

  • Work closely with IT operations teams to ensure secure system architecture and deployments.
  • Advise firm leadership on emerging cybersecurity risks and security investments.
  • Provide regular reports on security posture, incidents, and risk mitigation efforts.

Qualifications

  • Bachelor’s degree in Information Security, Computer Science, Information Technology, or a related field.
  • 5–8+ years of experience in cybersecurity or information security roles.
  • Experience managing or implementing enterprise security programs.
  • Experience in a law firm or professional services environment preferred.
  • Familiarity with protecting confidential and regulated data.

Technical Knowledge:

  • Security frameworks (NIST, ISO 27001, CIS)
  • Security monitoring tools (SIEM, EDR/XDR)
  • Identity and access management
  • Network and cloud security
  • Vulnerability management
  • Incident response and threat detection

Preferred Certifications:

  • CISSP
  • CISM
  • CISA
  • Security+
  • GIAC certifications
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10238328
  • Position Id: 8907764