Information Security and Risk Manager
Salary: $100K - $115K
5+ years of experience in network/systems administration and 2+ years in security; CISSP, CISA, GIAC or other related information security certifications required
Expertise in Microsoft back office (AD, Exchange, Azure, M365, Intune, PowerShell scripting); specifically experience migrating from on-prem to cloud, VMware vSphere, Cisco UCM/Call Manager/Jabber, and Fortinet firewalls and VPN
Do you have the solid knowledge of risk management frameworks needed to implement strategies that mitigate prioritized risks? If so, a leading Boston law firm is looking to hire an Information Security and Risk Manager. Apply to be responsible for the maintenance of a firm-wide Information Security program that ensures the availability, integrity, and confidentiality of the firm’s information assets.
Responsibilities
- Manage systems and practices to protect client, employee and firm information
- Establish and maintain data security strategies and programs
- Conduct risk assessments to evaluate the effectiveness of existing controls
- Investigate and remediate threats
- Monitor, investigate and resolve alerts escalated by third-party SIEM provider (Rapid7)
- Provide technical guidance and recommendations for new products and services
- Develop and implement IT security policies, standards, procedures and protocols
- Conduct penetration testing and vulnerability scans and coordinate remediation
- Create and promote a high degree of data security awareness in the firm and coordinate annual firm-wide security awareness training
- Participate in the maintenance of the firm’s Disaster Recovery and Business Continuity Plan
- Ensure all security policies and procedures are kept current
- Gather documentation/technical information in support of audit requests and issue remediation efforts
- Stay current with applicable government regulations and requirements
- Enforce best and most current practices as they pertain to all aspects of data security
Requirements
- Bachelor's Degree in Computer Science, Information Security, or related field
- 5+ years of experience in network/systems administration and 2+ years in security
- CISSP, CISA, GIAC or other related information security certifications
- Expertise in Microsoft back office (AD, Exchange, Azure, M365, Intune, PowerShell scripting); specifically experience migrating from on-prem to cloud, VMware vSphere, Cisco UCM/Call Manager/Jabber, and Fortinet firewalls and VPN
- Understanding of security concepts, encryption, system hardening, defense-in-depth designs, advanced persistent threats, anomaly detection and next-generation technologies
- Able to clear government security checks as applicable
- Demonstrate strong problem solving, analytical, interpersonal, and ownership skills
- Possess excellent collaboration skills for work with various internal team members
- Knowledge of a variety of security tools