DIRECTOR, CHIEF INFORMATION SECURITY OFFICER (CISO)
This is an exciting opportunity to work for one of the top law firms in the U.S. Davis Wright Tremaine LLP is looking for an innovative, senior-level professional to join our team in Seattle as our new Director, Chief Information Security Officer to oversee and coordinate a comprehensive information security and risk management program to ensure that firm information assets are adequately protected.
The Director, Chief Information Security Officer (CISO) is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the firm. A key element of the CISO role is working with executive management to determine acceptable levels of risk for the organization. This role will lead the implementation of remediation as appropriate.
Develop, implement, and manage an information security management system (ISMS) to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the firm.
Refine, maintain, and oversee compliance with the firm’s security policies and requirements, consistent with the firm’s strategic plan, and have overall responsibility for the implementation of those policies and requirements.
Identify and develop goals, objectives and metrics for the implementation of those requirements.
Provide strategic leadership and guidance on the appropriate information security services, mechanisms, technologies and features to satisfy security policy and requirements in key areas: applications, computing platform architecture, data governance, network environment, enterprise architecture, security models, and protection mechanisms. Physical protection responsibilities will include asset protection, workplace violence prevention, access control systems, video surveillance, and more.
Manage a team of security, risk, and compliance personnel.
Coordinate security reviews and functions with the firm’s attorneys, other professional staff, and administrative staff as necessary for the secure operation of the firm. Partner with business and IT leaders on risk and control areas, such as regulatory, external audit and risk management processing, including conducting periodic risk assessments.
Advise the IST Leadership Team on risks related to information security and recommend actions in support of the firm’s comprehensive information security and risk management program.
Work with IST leadership to develop security-related training programs, awareness campaigns, metrics, and skills for the organization. Work with outside consultants as appropriate.
Maintain relationships with local, state and federal law enforcement, and other related government agencies.
Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
Continuously review internal technical and procedural security controls. Hunt for configuration issues and gaps in procedures and controls. Drive corrective and proactive action to mitigate gaps.
The Successful Applicant:
10+ years’ experience in security roles and appropriate education and/or certification (CISSP, ISSMP, CCISO, etc.) required.
Must be an articulate and persuasive leader who can serve as an effective member of the senior management team and who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
Prior experience with business continuity planning, auditing, and risk management, as well as contract and vendor negotiation required.
Demonstrate a strong working knowledge of pertinent law and the law enforcement community.
Must have a strong understanding of network, system, application and data protection standards, benchmarks, processes, applications, and tools and techniques (SIEM or Log Management solutions; Python, bash, or other scripting languages; AWS, Azure, and other public cloud solutions; etc.).
Exhibit a deep understanding of the current landscape of security risks, attack vectors, and vulnerabilities.
Proven ability to work with professionals throughout an organization, including partners, associates of all levels, and IT staff.
Excellent written and verbal communications skills at the project level and focused on serving internal clients; excellent organizational and time management skills.
Highly motivated and willing to do what it takes to get the job done; able to assume responsibility and work autonomously and ethically in a professional manner.
This position description intends to describe the general nature and level of work being performed by individuals assigned to this position. It is not intended to include all duties and responsibilities.
Additional Salary Information: DOE. Relocation expenses are negotiable.
Davis Wright Tremaine is dedicated to providing excellent legal services, and delivering them in a manner customized to each client’s particular needs and preferences.
This commitment has remained intact for decades as the firm has grown across the nation and to China. Today, Davis Wright is a full-service firm with approximately 500 lawyers in nine offices on the east and west coasts of the United States and in Shanghai. We are recognized for excellence in a broad number of areas, with 89 of our attorneys across 31 practice areas cited as leaders in their fields in the most recent Chambers USA guide, and over 140 of our attorneys across 56 practice areas included in the 2015 edition of "The Best Lawyers in America."