Company is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies.
With a strong presence throughout Asia, Europe, Latin America, and the U.S., we have the global reach and extensive capabilities to provide personalized service wherever our clients’ needs take us.
As one of the world’s leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.
The Firm has a range of diversity initiatives including our Company Affinity Networks (PHANs), Women’s Initiative, and PH Balanced.
These initiatives provide a firmwide forum to share experiences, as well as an opportunity to participate in a supportive network with common interests to help make life at the firm more inclusive.
Learn more about our Global Diversity, Inclusion and Wellness Initiatives here.
Responsibilities Duties:
We have an opening for an Manager, Cybersecurity Controls.
The Manager, Cybersecurity Controls will lead or support security controls enforcement through the analysis, development, implementation, maintenance and enforcement of the Firm’s information security (InfoSec) standards, guidelines, processes and associated documents. This role will support the assessment, remediation and reporting of cyber risk, as well as identifying the appropriate controls and protocols to reduce or manage IT risk.
In this capacity, the Manager, Cybersecurity Controls will:
Manage or support the enforcement of the InfoSec policy, procedure and process portfolio, including standards, guidelines and processes to verify alignment to Firm and Client InfoSec requirements and make recommendations for improvement;
Identify potential or actual gaps in the information security program based on information security standards (CSF, NIST, ISO, COBIT), assessments, regulatory and Client requirements;
Evaluate, recommend, develop, coordinate, monitor and maintain information systems (IS) and cyber security policies, procedures, processes, standards, guidelines and controls evidence library;
Operationalize guidelines and roadmaps into actionable project plans, as well as manage multiple workstreams across matrixed teams in parallel;
Implement and socialize security related standards, procedures, processes and guidelines, as well as enforce and monitor/track adoption across stakeholder groups;
Provide stakeholder guidance regarding the development of and provides quality assurance reviews to procedure, process, standards and guidelines deliverables to validate alignment to Firm and Client requirements;
Lead and support the definition, maintenance and reporting of InfoSec measures and metrics from a CyberSecurity perspective;
Collaborate with the InfoSec team and other stakeholders as appropriate, including providing guidance regarding the effective development, and implementation/adoption of InfoSec standards, guidelines and processes;
Assist with the creation and maintenance of the Cyber risk register and associated mitigations or POAM activities;
Ability to explain technical threats, associated controls and remediation activities to both technical and non-technical stakeholders;
Oversee and support the Firm’s InfoSec responses to client assessments and presentations to clients; and
Handles additional related projects as assigned.
In addition, the Manager, Cybersecurity Controls will be expected to have:
Understanding of the technology and operational risks as related to internal technology solutions;
Awareness of current information security standards (CSF, NIST, ISO), as well as the emerging cyber threat landscape;
High level technical understanding of security auditing practices, applications, platforms and architectures;
Ability to develop and maintain a solid working relationship across multiple stakeholder groups; and
Strong analytical skills.
Key Skills:
We have an opening for an Manager, Cybersecurity Controls.
The Manager, Cybersecurity Controls will lead or support security controls enforcement through the analysis, development, implementation, maintenance and enforcement of the Firm’s information security (InfoSec) standards, guidelines, processes and associated documents. This role will support the assessment, remediation and reporting of cyber risk, as well as identifying the appropriate controls and protocols to reduce or manage IT risk.
In this capacity, the Manager, Cybersecurity Controls will:
Manage or support the enforcement of the InfoSec policy, procedure and process portfolio, including standards, guidelines and processes to verify alignment to Firm and Client InfoSec requirements and make recommendations for improvement;
Identify potential or actual gaps in the information security program based on information security standards (CSF, NIST, ISO, COBIT), assessments, regulatory and Client requirements;
Evaluate, recommend, develop, coordinate, monitor and maintain information systems (IS) and cyber security policies, procedures, processes, standards, guidelines and controls evidence library;
Operationalize guidelines and roadmaps into actionable project plans, as well as manage multiple workstreams across matrixed teams in parallel;
Implement and socialize security related standards, procedures, processes and guidelines, as well as enforce and monitor/track adoption across stakeholder groups;
Provide stakeholder guidance regarding the development of and provides quality assurance reviews to procedure, process, standards and guidelines deliverables to validate alignment to Firm and Client requirements;
Lead and support the definition, maintenance and reporting of InfoSec measures and metrics from a CyberSecurity perspective;
Collaborate with the InfoSec team and other stakeholders as appropriate, including providing guidance regarding the effective development, and implementation/adoption of InfoSec standards, guidelines and processes;
Assist with the creation and maintenance of the Cyber risk register and associated mitigations or POAM activities;
Ability to explain technical threats, associated controls and remediation activities to both technical and non-technical stakeholders;
Oversee and support the Firm’s InfoSec responses to client assessments and presentations to clients; and
Handles additional related projects as assigned.
In addition, the Manager, Cybersecurity Controls will be expected to have:
Understanding of the technology and operational risks as related to internal technology solutions;
Awareness of current information security standards (CSF, NIST, ISO), as well as the emerging cyber threat landscape;
High level technical understanding of security auditing practices, applications, platforms and architectures;
Ability to develop and maintain a solid working relationship across multiple stakeholder groups; and
Strong analytical skills.
Experiance Qualifications:
At least seven (7) years of combined information technology and information security experience;
Bachelor degree in Information Security, Information Assurance, Computer Science, Information Systems, or other related field (two years of additional experience may be substituted for two years of college credits) (required);
CISA, CISM, GSEC, CISSP or other security-related certification preferred;
Strong understanding of information security concepts and technologies;
Strong understanding of industry control frameworks, risk management concepts, frameworks, and methodologies;
Background in “big 4” consulting preferred;
Fundamental knowledge of the operation of law practices; and
Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.