We have an opening for a Manager, Cyber Security Risk Specialist in our Washington, DC office.
The Manager, Cyber Security Risk Specialist leads or supports the identification and implementation of industry standards (e.g., NIST, ISO and COBIT) and applicable regulatory or client guidelines, helping to evolve the Firm’s IT Risk Management (ITRM) governance frameworks to minimize IT risk.
The role will contribute to evolving ITRM’s oversight, reporting, governance, communications, and education efforts, as well as assist in the development of the methodologies, policies, process, and tools to support certification and assessment initiatives.
In this capacity, the Manager, Cyber Security Risk Specialist will:
- Serve as a key contributor in all areas of IT risk management and governance, including providing security expertise on prioritizing and managing IT risk, and facilitating the adoption of IT Risk policies, standards and guidelines;
- Lead and support the development, maintenance and evaluation of organizational InfoSec policies and procedures to verify alignment to Firm and Client InfoSec requirements and provide guidance, as applicable, to mitigate risk;
- Support independent assessment/analyses of key processes and the identification of remediations to address gaps to mitigate IT risks;
- Conduct risk assessments on priority areas to identify opportunities for control enhancement and risk mitigation;
- Evolve, maintain and track IT risk registers and associated POAM initiatives;
- Facilitate the definition and maintenance of InfoSec measures and metrics; and
- Handle additional related projects as assigned.
In addition, the Manager, Cyber Security Risk Specialist will be expected to have:
- Strong understanding of the technology and operational risks as related to internal technology solutions;
- Advanced awareness of current information security standards and developments (CSF, NIST, ISO), the COSO framework, as well as the emerging cyber threat landscape;
- Proven ability to anticipate and identify risks and effective remediations;
- Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices;
- Ability to develop and maintain a solid working relationship across departments;
- Knowledge of existing and new security applications, platforms and architectures;
- At least seven (7) years of combined information technology, information security and risk management experience;
- Bachelor's degree in Information Security, Information Assurance, Computer Science, Information Systems, or other related field (two years of additional experience may be substituted for two years of college credits);
- CISA, CISM, GSEC, CISSP, CRISC or other security-related certification preferred;
- Advanced understanding of risk management concepts, frameworks, and methodologies;
- Strong understanding of information security concepts and technologies;
- Background in consulting preferred;
- Fundamental knowledge of the operation of law practices; and
- Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.