Director of Information Security & Governance

Columbus, OH, USA

Benesch Law

Benesch is an AmLaw 200 business law firm with offices in Cleveland, Chicago, Columbus, San Francisco, Wilmington, Hackensack and Shanghai. This firm serves national and international clients.


Who We Are

At Benesch we pride ourselves on exceeding expectations and building trust not only with our clients but with our employees - Benesch's #1 asset. Committed to providing not only the highest level of legal service to our clients, Benesch also aspires to create a positive work environment for our employees. Our Firm continues to earn placement on Chicago and Cleveland's Top Workplaces list, along with Cleveland's NorthCoast 99 Top Workplaces rankings. We also continue to advance on the AmLaw 150 list, placing us among the top 150 law firms in the country.

Benesch is proud to be recognized for being a Firm that attracts and retains top talent - making Benesch a great place to work. We offer a hybrid schedule, career development and growth, transparent and visible leadership teams, and a place where diversity, equity and inclusion is celebrated. In addition, the Firm offers a full array of benefits which can be viewed at www.mybeneschbenefits.com.

Working with Us - Come and "Be Benesch!"

We are one of the fastest growing firms in the nation, and have offices in Chicago, Columbus, San Francisco, New York City, and Wilmington. We continue to expand our geographic footprint and value the talent that comprises each of our locations. If you are someone who champions a First in Service approach and are ready to be part of an exciting and growing Firm, we would invite you to apply to join our team.

Want to know more? To hear from some of our team, click here: https://www.beneschlaw.com/careers/index.html

Benesch is proud to announce the opening for a Director of Information Security & Governance in our Columbus office! This position is hybrid and has work from home flexibility.

Position Summary:

Are you interested in developing and leading a comprehensive information security and governance program for one of the nation's fastest growing law firms? Are you looking for an opportunity to be a working Director to guide and lead a team to establish a security posture that aligns the firm's security efforts with standard frameworks? Then our Director of Information Security and Governance opportunity might be just the position for you. This role is perfect for the individual who wants to lead security initiatives and work with internal stakeholders as well as the Risk Management team to ensure the Firm's information assets and client data are well protected.

The Director of Information Security & Governance is responsible for establishing a robust security posture and aligning security efforts with standard frameworks such as NIST, ISO/IEC 27001, and other relevant legal industry standards. The Director has a strong background in cybersecurity, risk management, compliance, and information governance (IG) and works closely with the Risk Management team, General Counsel and IT departments to ensure that the Firm's information assets and client data are well protected. This role is responsible for leading security initiatives, working with internal stakeholders to build a proactive, risk-aware culture, and developing an overall security program and roadmap, as well as driving governance and compliance (GRC) initiatives to meet regulatory, client, and firm expectations. The Director understands the nuances of law Firm systems, data privacy requirements, and the regulatory environment in which the Firm operates. In addition, they lead the design and execution of a holistic information security and information governance strategy that supports the Firm's business goals and mitigates risks. This role is hands-on and requires someone capable of both strategic leadership and operational security, taking direct responsibility for security improvements and response efforts.

POSITION RESPONSIBILITIES

  1. Strategic Leadership: Develop, implement, and manage the Firm's comprehensive cybersecurity, information security, and information governance strategies, ensuring alignment with the Firm's overall business objectives and compliance needs.
  2. Governance and Risk Collaboration: Partner closely with the Risk Management and Compliance teams to identify risks, enforce information governance policies, and ensure adherence to relevant data privacy laws and regulations (e.g., GDPR, CCPA, HIPAA). Help build out the Firm's data classification, retention, and disposal policies in collaboration with the Records and Risk departments.
  3. Security Audits and Assessments: Conduct ongoing security assessments and audits to evaluate risks to the Firm's IT environment, including client data, legal documents, and privileged information. Collaborate with outside Firms for third-party security assessments, penetration testing, and vendor security evaluations.
  4. Policy Development: Develop and maintain information security policies, data protection standards, and information governance frameworks that comply with regulatory, client, and Firm-specific requirements. Ensure that policies are aligned with industry best practices and that they support business continuity, disaster recovery, and incident response.
  5. Risk Management: Lead efforts to identify, assess, and mitigate risks within the Firm's technology stack and information processes, ensuring the security and confidentiality of client data and internal systems.
  6. Data Privacy and Client Security: Ensure the Firm adheres to data privacy regulations and client information security standards. Maintain the Firm's client data security requirements as outlined in various client agreements and contracts.
  7. Incident Response: Take the lead role in responding to security incidents, including breaches, phishing attacks, ransomware events, or data loss. Coordinate response efforts, investigate incidents, and provide reports to executive leadership and clients as needed.
  8. Technology Oversight: Lead efforts to secure Firm-wide technologies, including practice management systems, document management systems (DMS), email systems, cloud technologies, and third-party SaaS platforms. Ensure that security tools and technologies align with the legal industry's needs.
  9. Vendor and Third-Party Management: Oversee third-party vendor assessments, ensuring that vendors adhere to the Firm's security requirements and maintain compliance with data protection laws. Regularly evaluate vendor relationships to ensure that information security standards are maintained.
  10. Compliance Monitoring: Ensure compliance with regulatory requirements and maintain certification efforts (e.g., SOC 2 Type II, ISO 27001). Ensure adherence to client contractual obligations, including information governance requirements, security certifications, and reporting obligations.
  11. Business Continuity and Disaster Recovery (BCDR): Develop and maintain a Firm-wide BCDR plan that ensures business resiliency in the event of a cybersecurity incident or natural disaster.
  12. Client Information Security Support: Act as the Firm's liaison to clients on information security matters, including addressing client concerns, responding to client audits, and ensuring the Firm meets client contractual obligations related to information security and governance.
  13. Training and Awareness: Oversee the Firm's security training and awareness program to ensure that all staff members, including attorneys, administrative assistants, and partners, are aware of information security policies, phishing attack prevention, and best practices for handling sensitive information.

KEY COMPETENCIES

Technical Expertise: Advanced knowledge of cybersecurity and information governance frameworks (e.g., NIST, ISO/IEC 27001, HIPAA, GDPR, and CCPA), with the ability to apply these standards to the legal industry.

Law Firm/Legal Knowledge: Strong understanding of information governance, document management, legal holds, e-discovery, and client confidentiality requirements. Ability to work with legal professionals to meet stringent data retention, privacy, and compliance standards.

Data Privacy and Compliance: In-depth knowledge of data protection laws (e.g., GDPR, CCPA) and their applicability to law Firms, with demonstrated success in driving compliance programs for privacy and client security requirements.

Vendor and Contract Management: Strong ability to manage third-party security vendor relationships, including negotiating service-level agreements (SLAs) and security contracts to ensure protection of the Firm's data assets.

Leadership and Communication: Ability to engage with the executive team, legal partners, and IT stakeholders, with a track record of influencing cross-functional teams and driving security initiatives across the Firm.

Information Governance Best Practices: Strong understanding of information lifecycle management, including document retention, records management, and compliance with outside counsel guidelines.

Incident Response and Forensics: Experience leading incident response teams, conducting security forensics, and handling client notifications in the event of a security breach.

QUALIFICATIONS

The Director of Information Security & Governance must have a Bachelor's degree in computer science, information systems, computer engineering, or a related field. A Juris Doctor (JD) degree, together with knowledge of the legal industry's data privacy and security requirements, is a plus. 10+ years of experience in information security, cybersecurity, and information governance, with a minimum of 5 years in a leadership role, preferably in a law firm or professional services environment, is required. Professional certifications such as CISSP, CCISO, CISM, CISA, or CGCIO are preferred. Project management experience with large-scale security programs or information governance initiatives is preferred. Proven experience developing and implementing information governance frameworks and data security policies is essential.


Benesch is an equal opportunity employer. We strongly value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability (where applicant is qualified to perform the essential functions of the job with or without reasonable accommodations), medical condition, protected veteran status, gender identity, genetic information, or any other characteristic protected by federal, state, or local law.

Applicants who are interested in applying for a position and require special assistance or an accommodation during the process due to a disability should contact the Benesch Human Resources Department by phone at 216-363-4578 or email at cwatson@beneschlaw.com.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
