What You Will Be Doing
The Cyber Security Program Lead supports the firm's ISO 27001 information security and data protection efforts, ensuring that key requirements are met and that cyber security protections are monitored and improved on an ongoing basis. Advises the Director of Information Security on strategic and technical program and policy initiatives. Works across groups within Information Services to implement security-related projects and procedures, confirm proper operation of security infrastructure, and ensure proper incident response. Provides consultation on the integrity of security procedures, systems, and policies in the design of new applications and services facilities. Leads the firm's third-party risk management program, vulnerability management and mitigation, incident response planning, and ongoing risk assessments. Ensures accurate completion of client and internal cyber security audits. Provides guidance and coaching to other security team members.
About This Role
Provides expert-level guidance to the Director of Information Security on industry best practices, policy and governance models, and data protection and assurance requirements.
Approves risk decisions and exceptions to firm policy in coordination with the Director of Information Security.
Acts as subject matter expert regarding cyber security matters and provides guidance to other members within the department.
Leads security initiatives, processes, and projects, coordinating support from other members of the information security team.
Supports security interests within the system development lifecycle including production acceptance, change management, user administration, security logging, secure process flow, and security best practices. Manages the firm's application security review process, ensuring new services are properly vetted.
Oversees and participates in the completion and hosting of both firm client and internal security audits.
Monitors ongoing security incident response procedures to ensure proper identification and prioritization of incidents.
Leads information security projects that apply security protections to enterprise systems, business processes, and information resources.
Assists with proactively supporting client service by actively participating in security audits and assessments, new business development and information requests related to the security program policy and initiatives.
Assumes additional responsibilities as assigned.
Demonstrated experience and broad knowledge of information security concepts, risk management processes and techniques, systems security planning, security control assessments, auditing and accountability, configuration management, incident response planning, contingency planning, and vulnerability assessment and remediation management.
Hands-on experience with the installation and support of computing platforms and applications, including selection, design, and support of cyber security tools.
Working familiarity with one or more major cyber security compliance frameworks (NIST, ISO 27001, etc.).
Knowledge of security issues, techniques, and implications across all existing computer platforms required.
Knowledge in networking, databases and systems operations is desired.
Strong work ethic; excellent use of discretion and judgment. Excellent written communication skills.
Strategic thinking and planning abilities required.
Critical analysis and analytical thinking:
Effectively meets challenges, provides solutions to overcome problems, and drives consensus within the team.
Proven interpersonal and communication skills.
Demonstrated problem solving abilities, analytical skills, and proven ability to meet challenging deadlines required.
What You Will Bring
Able to break down raw information and undefined problems into specific, workable components that in turn clearly identify the issues at hand.
Makes logical conclusions, anticipates obstacles and considers different approaches that are relevant to the decision-making process.
Bachelor's Degree in Cyber Security, Computer Science, related technical field, or equivalent work experience.
Security Certification (CISSP, CRISC, etc.) or equivalent is desired.
Five (5) or more years of work experience supporting information security in a large and complex environment; or other equivalent combination of education and experience that provides the required knowledge and skills.
Experience managing projects and initiatives in a team environment at a cyber security organization.
Upon joining the firm, new hires will go through our onboarding program and be paired with a staff mentor to help them acclimate to the firm. Additionally, there will be opportunities for new employees to take advantage of training and development, public service, and diversity and inclusion programs.
WilmerHale is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity, national origin or ancestry, age, disability or veteran status, or other protected status.
Miamisburg, Ohio, United States
Equal Opportunity Employer/Females/Minorities/Veterans/Disability