Founded in 1920, Akerman is recognized as one of the country’s premier law firms, with more than 700 lawyers in 26 offices throughout the United States.
Akerman is seeking a Director of Information Security to join the firm's IT department.
Responsibilities: Oversees the Information Security Management function of the firm, including the development, documentation, implementation, operation, and maintenance of an information security program, and heads ongoing activities to preserve the availability, integrity, and confidentiality of organization information resources in compliance with applicable security policies and standards. Responsible for all aspects of data security and the mitigation of risk for the Firm by researching, developing, proposing and implementing as approved firm-wide security policies, standards, procedures and protocols and will manage systems and practices to protect client, employee, and Firm information in compliance with regulatory requirements and in keeping with the Firm’s security policies and standards using the industry’s best practices. The DIS will work closely with and establish a strong communication process with the CIO keeping the CIO timely informed of current issues and potential problems as they develop and will seek advice as needed.
Best Practices: The DIS will keep informed of all of the best practices for managing and implementing the Firm’s data security systems and processes. To this end, s/he will participate in applicable professional organizations; subscribe to industry literature; attend seminars and other informational events; keep current with applicable government regulations and requirements; and, as appropriate obtain technical certifications to enhance his or her credentials and knowledge.
Policies, Standards and Protocols: The DIS will quickly become knowledgeable about the Firm’s technology systems, its legal practices and support services areas, its client requirements and its existing policies and procedures to assess its data security requirements and to develop and propose current and long-term data security policies, standards and protocols to ensure the 24/7 security of the technology functions of the Firm and the protection of its information assets and technologies. To this end, the DIS will work with the CIO, senior management and partners to establish and maintain data security strategies and programs; will draft and document all applicable security policies and procedures; will ensure all security policies and procedures are kept current incorporating security changes as they occur; and, will ensure the safekeeping of all security policies and procedures.
Implementation: The DIS will, as authorized, implement the data security standards, policies and protocols of the Firm. To that end, s/he will be responsible for directing and ensuring that appropriate processes are in place and for their ongoing effectiveness; will enforce best and most current practices as pertains to all aspects of data security; will evaluate, make recommendations and, as approved, implement all hardware and software security components for the Firm’s computer, voice, and data network functions; will have a significant role in maintaining the Firm’s Disaster Recovery and Business Continuity Plan; will work with others to remediate findings from vulnerability scans; will prepare detailed documentation on systems configurations as well as security threats and remediation; will on a daily basis review security event logs; will conduct penetration testing and remediation; will work with the Help Desk on alerts and threat remediation; will provide technical guidance and recommendations for new products and services; and, will develop, implement and maintain responses to information security incidents as needed.
Other Duties: The DIS will serve as the primary internal and external contact for data security in the Firm. The DIS will advocate for, enforce as required, promote and communicate on all data security matters. To this end, s/he will respond to all client security audit requests often dealing directly with clients or their representatives; will ensure all security policies and procedures information is communicated to and available to the appropriate personnel; will create and promote a high degree of data security awareness in the Firm; will use tact and diplomacy when enforcing data security requirements; will work to enhance the skills of other team members and the knowledge of end users; and, will develop and implement training programs as best serve data security in the Firm.
The DIS will, from time to time, perform such other duties as are necessary to ensure the timely and efficient performance of the hardware and certain software functions of the Firm.
Skills: The DIS must have the technical and tactical knowledge required for implementation, support, and maintenance of the data security systems and infrastructure with the ability to execute same appropriately and in a timely manner; must have an advanced knowledge of technology security issues; has strong analytical and problem solving skills; is proficient in the technology required to perform job duties; will learn, retain and adapt quickly to technology changes and advancements; has a solid understanding of how technology interacts with other technology in the Firm; will be proactive anticipating problems and taking steps to prevent problems; will continually increase and broaden his/her technical skills and data security knowledge; will conduct him or herself in a highly service oriented manner; has strong interpersonal, leadership and organizational skills; conducts him or herself with tact and diplomacy in all matters; deals positively with work problems; has excellent multitasking abilities setting priorities and meeting time deadlines; works well under pressure; has good verbal and writing skills; will work independently and participate as a team member in projects; and maintains accurate records. S/he must treat all office matters with strict confidence.
Education and Experience: A college education in a Computer and Information Systems Security or related field; or a minimum of five (5) years’ experience assisting in the development, management and implementation of data security standards and systems administration; and, having or the ability to obtain government security clearances as applicable are required. Prior data security experience in a law firm or financial organization and CISM or CISSP certification would be preferred. The ability to travel for training and educational purposes or as otherwise required is a requirement.
The DIS should have experience with, knowledge of, or the ability to acquire the following skills: Working knowledge of ISO security standards, rules and regulations related to ISO 27001, as well as other security standards and data privacy frameworks such as NIST, HIPAA, GDPR, and other regulatory requirements at federal and state levels; experience in network or systems administration; an advanced knowledge of the Windows operating system including patching practices, hardening and administration techniques; working knowledge and experience with any of the following technologies: VA, SIEM, DLP, IPS/IDS, AV, MFA, VPN, FW, AD, Wireless, ACLs, Port Scanning, MBSA; experience with event logging and correlation in SOC or CSIRT; an understanding of security concepts, encryption, system hardening, defense-in-depth designs, advanced persistent threats, anomaly detection and next-generation technologies.
We offer an excellent compensation and benefits package. Please submit your resume and salary requirements. EOE