Information Security Director – ISD

This is a fully remote position, open to applicants in Virginia.

📋 Description

• Establish and implement a comprehensive cybersecurity strategy for the Firm, aligned with NIST CSF, NIST AI RMF 1.0, ISO 27001, and SOC 2 frameworks

• Take ownership of the Firm's Information Security Management System (ISMS) and ensure its ongoing improvement

• Lead the gap analysis for ISO 27001 and create a roadmap for achieving certification

• Create, update, and enforce security policies, standards, procedures, and governance frameworks

• Identify and monitor key risk indicators (KRIs), metrics, and reporting systems

• Act as the Firm's executive leader for AI security and governance

• Develop and implement a scalable AI governance framework that includes acceptable use policies, risk-tiering criteria, and data handling protocols

• Manage the Firm's vendor risk management program, covering intake, risk assessment, tiering, and ongoing monitoring

• Supervise the Firm's SOC 2 Type II program, which encompasses control maintenance, evidence gathering, and auditor interactions

• Offer executive oversight of the security architecture within Microsoft 365 and Azure

⛳️ Requirements

• Over 10 years of advanced experience in information security, including roles in leadership and program management

• CISSP certification is mandatory; CISM or similar qualifications will be considered

• Proven track record in leading or expanding a security program, ideally within law firms or professional services

• Extensive experience in cloud security, vendor risk management, and compliance frameworks

• Familiarity with SOC 2 programs and enterprise security tools in Microsoft environments

🏝️ Benefits

• Medical, dental, and vision insurance

• 401(k) retirement plan

• Additional benefits to assist with retirement planning

• Complimentary access to Employee Assistance Programs

• Various programs aimed at promoting health, security, and a positive work/life balance for you and your family