We are looking for a creative, hardworking, self-motivated person to join our IT team as an Information Security Manager. In this role, you will work alongside other IT members to build and manage the programs supporting our existing compliance control activities and initiatives and make security and privacy an integral part of our processes and culture. This role will also be client facing, assisting clients with any IT security requests. Reporting to the Chief Technology Officer, primary responsibilities include:
Managing all internal and external security compliance engagement activities;
Building and managing the programs supporting our existing compliance control activities and initiatives;
Working closely with many cross-functional teams to communicate and integrate control requirements (IT, General Counsel, HR, Finance, others, etc.);
Managing, documenting, and communicating compliance requirements, timelines, and road map to supporting teams and leadership;
Driving project activities to ensure requirements and schedules are met;
Identifying and managing risks and work with project teams to identify appropriate solutions;
Managing, tracking and reporting compliance-related remediation to project teams and management;
Developing metrics and reporting to demonstrate compliance status and engagement;
Communicating the compliance posture and effectiveness to management on a scheduled basis;
Providing ongoing guidance and consultation to the organization to promote a progressive and sustainable Security Awareness Program;
Developing and working with supporting teams to design and implement an automated control strategy and exception reporting process;
Developing a strategy to implement and maintain a centralized audit evidence repository to support all security compliance evidence gathering and maintenance activities;
Integrating ongoing changes to laws, regulations, and NIST frameworks as required into daily activities.
Schiff Hardin is committed to equal employment opportunity and diversity in the workplace. We maintain a policy of considering all qualified applicants for employment without regard to race, color, religion or creed, sex, gender, sexual orientation, gender identity or expression, age, citizenship status, order of protection status, national origin, ancestry, medical condition, genetic information, marital status, physical or mental disability, parental status, source of income, military or veteran status, unfavorable discharge from military service, or any other basis protected by federal, state or local law. We will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.
Position requires 7 - 9 years working experience within Information Security & Compliance along with 5 years of security audit experience, a BS or MS in Computer Science or related field and a strong understanding of relevant security standards such as NIST, ISO 27001, SOC2, etc. Expert understanding of cloud controls and environments, a strong foundation in IT solutions development and deployment and practical understanding of IT security compliance, risk management and information security principles including access control, network security, information security architecture, information security operations, and leading practices and associated tools in a cloud environment (AWS) are critical. Demonstrated experience managing compliance activities as part of a company (not solely in a consulting capacity); implementing a common/unified control framework; managing and working with auditors, internal cross-functional teams and product engineering groups; and experience communicating and reporting to senior leadership is necessary. Individual must possess excellent communication and interpersonal skills with a high degree of empathy and emotional intelligence, be self-motivated with the ability to manage and prioritize multiple deliverables to meet deadlines and demonstrate proven success delivering results individually and as part of a team in a fast-paced, demanding, high growth environment.
About Schiff Hardin LLP
Working at Schiff Hardin is all about professional dedication, responsiveness, and service. The same expectations and standards apply to our non-attorneys as well as our attorneys. We encourage teamwork, ongoing training, career development, and most important — the greatest respect for the administrative professionals who are as integral to our firm's success as our legal professionals.
Schiff Hardin LLP is a general practice law firm representing clients across the United States and around the world. We have offices located in Ann Arbor, Chicago, Lake Forest, New York, Newport Beach, San Francisco and Washington.