Information Security Compliance Manager
New Law company Legility, formerly Counsel On Call/DSi, is looking for an Information Security Compliance Manager to join our corporate team. This individual will primarily be tasked with providing technical expertise in all aspects of enterprise information security compliance for all applicable regulations; developing and managing an information security and compliance program, including participation in broader risk management activities for the enterprise and the development, procedure documentation, evaluation and adherence to multiple areas of practice such as clients, vendors, operations, and information security protection and management; and developing a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities and measures risk levels. He or she will also supervise the information security staff.
This is a full-time opportunity, and work will be done from our office in downtown Nashville.
More specific job duties and responsibilities for the Information Security Compliance Manager will include:
- Responsible for administering, gathering and compiling required reports, documentation and configuration information for ongoing audits (SOC 2), HIPAA site security visits, security questionnaires and RFPs
- Supports the examination of potential security violations, incidents, malicious activities and attacks by providing vulnerability assessments and analysis to the IT team
- Provides subject matter expertise in the creation, implementation and maintenance of appropriate enterprise programs, policies and procedures to be compliant with all applicable regulations
- Interprets standards, requirements and their application to the enterprise environment
- Responsible for protection of all enterprise electronic information maintained in computing platforms and repositories for the purpose of meeting regulatory compliance for all corporate systems, applications and data, to minimize potential legal, regulatory and reputational risk from regulatory non-compliance, unauthorized access or loss of confidential data
- Develops and maintains a business continuity strategy and plan
- Participates in internal and external audits and reviews to ensure compliance with regulatory standards and internal security policy, and coordinates with the internal audit/IT team
- Performs data analysis of risk assessment and generates technical and summary reports to stakeholders as needed
- Acts as a subject matter expert of information security awareness services, analysis concepts, practices and procedures
- Assists team members and internal clients in addressing highly complex security issues applicable to enterprise environment
- Responsible for coaching and mentorship to the security compliance team
- Recommends, implements and maintains technical and procedural controls to provide regulatory compliance in the most reasonable and cost-effective manner
- Conducts periodic access reviews for critical systems and applications and for elevated accounts
- Manages security tool alerts on a day-to-day basis, escalating them to incidents as appropriate and resolving the abnormalities that arise from start to finish
- Handles the identification, analysis and assessment of information risk, including performing desktop scenarios
- Participates in the product selection and implementation of security technologies
Job Qualifications and Technical Skills:
- Bachelor's degree from a four-year college or university in information resource management, business computer systems, computer science or computer security
- At least 7-9 years of related experience or equivalent combination of education and/or experience related to the discipline; 3-5 years of progressive experience
- Strong knowledge of current and emerging cyber security risks and innovative risk management methods
- Ability to collaboratively develop a risk strategy in conjunction with stakeholders
- Ability to be highly discreet when managing sensitive employee and client information
- Able to make decisions that are highly impactful to the organization, including sound financial decisions
- Excellent communicator with internal audiences as well as clients and vendors
- Preferred industry certification in security or systems control related field: CISSP, CISA or CISM
- Strong working knowledge of current marketed security tools and technologies
- Proficiency in working with Microsoft Office applications
Critical Role Competencies
- Ability to understand enterprise business computing operations/requirements and fundamental eDiscovery operations
- Excellent skills in analytical thinking, written and oral communication, and presentations
- Demonstrated skills in project management
- Must have the ability to influence others and work at all management levels across the organizational structure
- In-depth knowledge and experience with client/server applications and information security issues
- Maintaining confidentiality, integrity and availability of systems and data
- Ability to stand firm on issues yet be flexible and creative when working with customers to find effective solutions
Qualified candidates should submit resumes to firstname.lastname@example.org.
Legility (legility.com), a leader in legal operations, provides consulting, technology, managed solutions and flexible legal talent engagement services to corporations and law firms. The company has more than 1,000 lawyers, engineers, consultants, technology and data specialists, and operational experts serving one-third of the Fortune 100 and one-quarter of the Am Law 200. Founded in 2000, Legility works with corporate legal departments and law firms to improve operational efficiency.
Our attorneys, paralegals, and other legal and technology professionals choose to work with our company because of the many flexible, non-traditional and professionally challenging work options the company provides – whether our attorneys and paralegals want to work 15 hours a week or 50, on-site with the client, remotely, individually or in a team environment.