Arnold & Porter has an opening for a Manager of Information Security in the Washington, DC office. The Manager is a hands-on operational role who will help oversee and perform the cybersecurity operations, engineering and related architecture functions within Arnold & Porter. Under the direction of the Director of Information Security & Compliance, and supervising a team of Security Engineers, the Manager will be directly involved in the design, implementation and maintenance of advanced security technologies. The incumbent will perform in-depth security reviews for new projects and technologies, provide frontline response for all security incidents, and perform security risk assessments.
Responsibilities include but are not limited to:
Function as the primary resource/lead for the Firm's key security platforms including the coordination of design, implementation, and maintenance of those platforms within the Information Security and other IT operations teams - ensuring the on-going continuity of support and operations necessary to support business operations.
Lead the front line security incident response as a member of the on-call rotation team. Provide timely investigation and resolution to all suspicious email reports, malware instances, and other security events. Manage continuous improvement of the team's incident response effort through automation, process maturity, postmortem analysis, and other activities as appropriate and applicable.
Assist the Director in assessing and reviewing the Firm's current technology infrastructure to identify key risk areas, ensuring that adequate controls are in place to address those risks. Function as a principal security architect to research specific security technologies and controls as requested by senior management.
Assist the Director to develop and implement appropriate information security policies, protocols, procedures, standards, and work instructions as needed for Arnold & Porter.
Oversee and work on efforts to automate mundane or time-intensive security operations tasks and processes including the integration of these automation efforts and initiatives into the security architecture in a transparent and supportable way to augment the Information Security team’s current abilities.
Use established processes to conduct detailed, written security reviews for vendors, projects, and technologies. The security review process includes conducting initial intake interviews with stakeholders, researching and performing due diligence, using third party risk management tools, conducting risk assessments, and presenting final recommendations for moving forward in a secure manner.
Lead efforts to improve cyber threat intelligence (CTI) gathering, analysis, and management.
Manage the enterprise vulnerability management program including conducting periodic scheduled processes and procedures such as running vulnerability scans, coordinating vulnerability remediation efforts, and periodic privileged access reviews.
Maintain operational responsibility for the information security team's ticketing queue, primarily relating to the evaluating and managing tickets requesting policy exceptions.
Manage, train and develop staff to ensure that the team possesses the necessary skills and knowledge to optimally support the enterprise security tools and technology. Address and remediate security vulnerabilities and risks, and properly respond to security incidents.
Offer insights and collaborate with the Director and within the team to provide input to strategic and tactical planning, initiatives, and projects.
Minimum of five (5) years in Information Security with increasing responsibilities within job roles held.
Minimum of three (3) years of experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
Four year college degree preferred; equivalent experience will be considered.
CISSP, GIAC or other similar certifications are preferred.
Technical expertise, experience and understanding of Windows, Unix/Linux, and Active Directory.
Technical expertise, experience and understanding of core networking protocols, including TCP/IP, UDP, DNS, DHCP, HTTP/HTTPS, routing protocols.
Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
Ability to manage the activities and projects for an IT / security operations team with a wide range of operational support responsibilities.
Ability to develop and maintain a strong set of operational working procedures.
Ability to communicate complex technical information to a non-technical audience.
Strong project and task management skills.
Effective oral and written communication.
Ability to identify the appropriate method of communication.
Strong client service skills and personal initiative.
Excellent organizational and problem-solving skills.
Proficiency in handling a number of projects simultaneously.
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations.
Ability to write reports, business correspondence, and procedure manuals.
Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
Arnold & Porter is an equal opportunity and affirmative action employer that does not discriminate on the basis of race, color, creed, religion, national origin, sex (which includes pregnancy, childbirth, breastfeeding and related medical conditions), age, marital status, sexual orientation, gender, gender identity, gender expression, transgender, disability, medical condition, family leave status, citizenship status, ancestry, genetic information, military or veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. Our Firm's equal opportunity policy applies to all employment practices and terms and conditions, including, without limitation, recruitment, employment, assignment, training, compensation, benefits, promotions, disciplinary action and terminations. To achieve our goal of equal opportunity, Arnold & Porter maintains an affirmative action plan through which it makes good faith efforts to recruit, hire and advance in employment qualified minorities, females, individuals with disabilities and protected veterans. If you would like more information about your EEO rights as an applicant under the law, please click EEO is the LAW and the Supplement poster.
Arnold & Porter is an EO Employer - M/F/Veteran/Disability/Sexual Orientation/Gender Identity.