Information Systems Security Manager
Winston-Salem, North Carolina, United States
Womble Bond Dickinson (US) LLP
Womble Bond Dickinson (US) LLP is seeking an Information Systems Security Manager (ISSM) to join their team in Winston-Salem, NC. The ISSM is an advocate for the Firm’s total information security needs and is responsible for oversight of comprehensive information security operations to maintain the security posture of the Firm. They will manage security-related projects leveraging collaboration and Firm-wide resources to manage information security risk. The complexity of this position requires a leadership approach that is engaging, imaginative and collaborative with a sophisticated ability to work with other leaders to set the best balance between security strategies and business priorities at the Firm.
RESPONSIBILITIES:
- Responsible for the tactical leadership of the Firm’s information security program.
- Provide guidance and counsel to the DIS and key members of Firm Management in defining objectives for information security.
- Implement Firm-wide information security governance processes.
- Participate in information security planning processes.
- Advise Senior Management on annual and long-range security and compliance goals, metrics, reporting mechanisms and program services.
- Assist the DIS in creating maturity models and roadmaps for continual improvement.
- Stay abreast of information security issues and regulatory changes affecting the legal industry at the state and national level.
- Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
- Coordinate weekly with IT personnel on information security requirements for projects, upgrades, patches, vulnerabilities, etc., and track progress to ensure compliance.
- Perform special projects and other duties as assigned.
- Develop policies and implement effective practices to secure protected and sensitive data.
- Monitor information security controls to ensure compliance with standard frameworks and relevant legislation.
- Evaluate and make recommendations to management regarding the adequacy of the security controls for the Firm's information and technology systems.
- Work with Internal Audit and External Audit consultants as appropriate on required security assessments and audits.
- Work closely with IT leaders, technical experts and administrative leaders across the Firm on a wide variety of security issues that require an in-depth understanding of the IT environment in their units and federal regulations that pertain to their areas.
- Monitor education and awareness programs and provide advice at all levels on security issues, best practices and vulnerabilities.
- Pursue security initiatives to address unique needs in protecting against identity theft, mobile social media security and the online reputation program.
- Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed or requested to address and investigate security incidents that arise.
- Supervise the Incident Management Analysis Team.
- Serve as the acting DIS in the DIS's absence.
- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
- Examine impacts of new technologies on the Firm’s overall information security.
REQUIREMENTS:
- Must be certified in one of the following: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Security Auditor (CISA).
- The ISSM will hold a minimum of an associate’s degree, preferably in a computer or technology related field.
- Preferred minimum of five years of progressive responsibilities and broad-based information security experience, including a minimum of two years in a leadership/mentorship role.
- The ISSM will work with practice management, document management and electronic discovery systems.
- The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds.
- Administration of major hardware systems and software applications.
- Organizing and problem-solving coupled with managing a fluid and fast-moving environment.
- Knowledge of current security trends and state-of-the-art technologies.
- General knowledge of business processes and their interrelationships gained through three or more years of related experience.
- Analysis and resolution of complex issues, both logical and interpersonal.
- Effective verbal and written communication and presentation skills.
- Ability to negotiate and defuse conflict.
- Self-motivated, independent, cooperative, flexible, creative.
Tags: Audits CISA CISM CISSP Compliance Governance Incident response Security assessment Vulnerabilities