Stradley Ronon is currently seeking a Manager of Information Security in our Center City, Philadelphia office. The Manager of Information Security will evaluate, develop, implement and administer security programs, including policies, procedures, training and technical controls, to protect Stradley’s client and firm data across all of its systems, offices, devices and infrastructure. S/he will be responsible for ensuring that IT security is properly applied to the technology infrastructure and information within Stradley’s environment in accordance with established policies, procedures and standards, and that it is kept current. Under the direction of the Chief Information Officer, and working closely with the Chief Privacy Officer and firm management to develop the firm’s information security strategy and program, the Information Security Manager will manage information security, data privacy compliance, policy and procedure enforcement, and information risk auditing, including client audits, coordination of security training and communications, and third-party compliance with client and firm security protocols.
• Oversee and manage the firm’s security policies and protocols, incident response program and procedures, including the development and maintenance of a robust security risk management process to assess, evaluate, assign, and remediate security-related risks.
• Establish and satisfy information assurance and security requirements based upon analyses of client, user, policy, regulatory and resource demands.
• Make improvement recommendations across the enterprise to manage and mitigate business and security risks while ensuring compliance with applicable laws, standards, policies and client requirements.
• Perform analysis, design, and development of security features for system architectures.
• Perform and oversee vulnerability/risk analysis of computer systems, software and applications.
• Routinely advise the firm about current information security trends, technologies and related regulatory issues.
• Establish security metrics to baseline, monitor, and report on security effectiveness and progress.
• Work with vendors to augment and supplement various functions of Stradley’s security program such as penetration tests, vulnerability scans and audits and to ensure compliance with BAA terms and conditions.
• Work with timekeepers, administrative staff, firm committees and management as necessary to address disaster recovery and business continuity programs, security awareness training programs, client security issues and information requests and any other security-related issues affecting client or firm data.
• Analyze and promulgate information on emerging cyber threats and actively engage in industry forums.
• Bachelor's degree in management information systems, information security, information technology, information systems management or a closely related field.
• A minimum of 10 years’ experience working in the information technology and security fields, with at least 7 years’ experience in an information security-related role and 5 years’ or more of management experience pertaining to information security and policy, is desired. Technology and security consulting experience is a plus.
• Experience developing, implementing and evaluating IT security standards, procedures, technologies, and industry and regulatory/compliance best practices, including specific experience managing large-scale security projects.
• Demonstrated security administration, execution and documentation experience with enterprise-grade network and security infrastructure.
• Knowledge of techniques for defending networks against broad-based security attacks (e.g., ransomware, DoS, phishing, SQL injection) and advanced persistent threats.
• Hands-on understanding of key security technologies and tools such as encryption, TCP/IP, HTTP, DNS, vulnerability scanning tools, data loss prevention and mobile device management.
• Demonstrated experience with control frameworks such as ISO, NIST and HIPAA.
• Expert, hands-on knowledge of and experience with firewalls, intrusion prevention/detection systems, two-factor authentication, IDS, IPS, e-mail gateways, proxies, endpoint security and SIEM.
• Outgoing, personable, discreet and capable of being client-facing; able to engender trust.
• Strong analytical, problem-solving, organizational and planning skills. Common sense required.
• Must speak concisely and convincingly and write similarly.
Stradley Ronon Stevens & Young, LLP is an Equal Opportunity Employer.