Director of IT Security Solutions

Permanent

Friedman Williams

Washington, DC

Job ID: 16924

The Director of IT Security Solutions is responsible for leading a team of engineers to architect, design, build, maintain, and support the Firm’s portfolio of security technologies and solutions, inclusive of Perimeter Defense, Monitoring & Logging, and Identity, Access, and Authorization Management. In this capacity, the Director must strike the necessary balance of delivering solutions that provide an optimal experience for our lawyers, staff, practice groups, and clients, without making compromises that add unacceptable risks to the Firm.

• Overall Management Duties

The Director’s primary responsibility is to partner closely with Information Security, Compliance, IT, and other cross-functional leadership to deploy secure yet intuitive technology solutions while managing the Firm’s portfolio of security-related technologies.

• Strategic Role at the Firm

The Director’s strategic, long-term role is to drive alignment between the Firm’s Info Security and IT strategies. The Director brings technology thought leadership to achieve security objectives, actively shaping the IT Security roadmap to deliver capabilities that uphold the Firm’s risk posture.

• Department Management

The Director will lead a team of IT Security engineers who oversee the Firm’s security technology portfolio, with direct operational oversight responsibilities for technologies that enable Perimeter Defense, Identity, Access, and Authorization Management, and Monitoring & Logging.

• Relationships with Firm Management

o The Director works with key committees to define policies, plans, and budgets required for delivering and maintaining security technology solutions. The position requires collegial relationships with business executive stakeholders and lawyers to operate as a senior management resource to support the Firm’s overall technology strategy and Chief Information Officer.

o The Director also works closely with other Directors within the Information Technology organization and across the Firm (e.g., Information Security, Litigation Support Services, Marketing, Accounting, Human Resources) to deliver technology solutions

o The Director demonstrates an effective spirit of teamwork with Firm management, lawyer committees, partners, directors, and their staff in providing time-sensitive client services and robust, user-oriented information systems

Responsibilities

Technology Oversight Responsibilities

The Director has the direct responsibility to develop and support the Firm’s IT Security Solutions. Among other duties, the Director:

• Leads the end-to-end management of the Firm’s global security and user lifecycle management technology, inclusive of strategic planning through to operational support and maintenance

• Partners closely with Information Security, Compliance, and IT leadership to both architect solutions and operationalize processes that uphold the Firm’s policies, standards, and requirements (e.g., DLP, System Access Management, Data Classification, Monitoring)

• Proactively consults with cross-functional stakeholders to translate Firm needs into solution roadmaps which are socialized and aligned to broader IT and Firm strategic priorities

• Works closely with IT technical teams to evaluate and uphold security standards for Firm information, computer, network, and processing systems

• Ensures the confidentiality, integrity, and availability of Firm data during processing, transmission or at rest to/from/between Firm workstations, servers, databases and applications whether on-premises or externally hosted

• Intakes and prioritizes the response and remediation of Information Security Incidents and Requests, and measures performance

• Leads continuous process development, improvement, and automation of IT Security-related solutions and support activities

• Participates in the design and oversees the implementation of recommended information security controls associated with new project application/system deployments

• Supervises all investigations into information security incidents in coordination with IT and Information Security leadership

• Works closely with IT technical teams to evaluate, uphold, and apply security standards for Firm information, computer, network, and processing systems

• Contributes to the design and supports the execution of vulnerability assessments, penetration tests, and security audits

• Delivers technology solutions for the Firm’s security-related projects

• Stays current on trends and issues in the security industry, including current and emerging technologies

• Stays current on applicable compliance and regulatory requirements for information security controls

• Recommends policies, standards, procedures, and training programs for lawyers and staff to make effective use of technology

• Assists with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements

• Coordinates vendor and third-party relationships to gain ongoing economies of scale and responsive services

Department Oversight Responsibilities

The Director has responsibility for the overall direction and professional development of the IT Security Solutions Department.

• Provides senior management direction to the staff

• Provides direction and goal setting on IT Security strategy and operations

• Oversees workload of staff; develops, mentors, and motivates a team of engineers with a diverse mix of skill sets and experience

• Facilitates teamwork with cross-functional stakeholders and other Technology personnel / third-party providers

• Develops and motivates the staff to work as a team in addressing user and client needs

• Recommends appropriate levels of staffing, including position descriptions and salary level recommendations

• Hires, evaluates, promotes, and disciplines staff; makes transfer and termination decisions for IT Security Solutions staff in coordination with the Chief Information Officer and Chief of Human Resources

• Prepares input to the annual operating and capital budgets and recommends long-range and annual technology plans

• Leads and coordinates day-to-day operational execution with staff

Requirements

Education & Credentials

• College degree required, preferably in Computer Science, Information Systems, Business Administration, Finance, or a related field. Master’s degree is preferred

• Appropriate technical certifications are preferred

Knowledge & Experience

• 10+ years of relevant experience, ideally in a large Law Firm setting, a comparable professional services organization, or a legal information services provider

• Substantial experience in leading IT Security strategic transformation, technical re-architecture and/or major cyber programs

• Substantial hands-on technical experience and management oversight

• Strong experience with a wide variety of cybersecurity technologies for architecture and testing relating to Multi-Factor Authentication, Passwordless Authentication, Digital Rights Management, PKI, Endpoint Protection, Mobile Device Management, Patch Management, Vulnerability Management, Security Incident and Event Management, Data Loss Prevention, and Zero Trust

• Demonstrated strong technical experience with encryption & digital certificates, networking components including IDS/IPS & Firewalls, log management, Syslog analysis, and TCP/IP analysis

• Experience with network and system security administration, including operating system security configuration and account management best practices

• Experience with SIEM, MDR, E/XDR tools, Windows desktop and server security tools and topics, Azure security, Windows Event logging, syslog, and related telematics topics

• Knowledgeable in network switching and routing, firewall and intrusion detection and prevention systems, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

• Knowledge in vulnerability assessment and penetration tools for systems and web security

• Proven experience working in a fast-paced environment

• Demonstrated knowledge of applicable data privacy practices and laws, and other industry-relevant regulations

Skills & Expectations

• Ability to establish rapport and elicit cooperation from personnel across all levels, including executive management and cross-functional leadership

• Ability to serve as a change agent, leading and inspiring others to act, especially under circumstances when change is unpopular

• Ability to develop and motivate technology teams, inclusive of staff and third-party vendors/consultants

• Excellent problem solving and debugging skills required

• Ability to manage complex information systems and technical personnel

• Skilled in written, spoken, and presentation communication at all levels of the organization, for work with the Firm leadership, the user community, and clients

Work Location & Conditions

• Washington, D.C.

• Core hours of 9:00 am – 5:30 pm, Monday-Friday; hybrid in-office, which will be a combination of onsite and remote work with occasional on-call availability

Position requires access to equipment, software, or technology that is subject to U.S. export controls. To be granted access pursuant to US Export Control laws, candidate must be either (a) a United States citizen or national; (b) a person lawfully admitted for permanent residence of the United States (i.e., “Green Card” holder); or (c) an INS-approved refugee or asylum holder who has applied for naturalization within six months of the date the individual first became eligible; and if not yet naturalized, is still actively pursuing naturalization if 2 years have passed since the date of application to be granted access pursuant to US Export Control laws. Candidates will be required to submit appropriate documentation to determine whether access can be granted before proceeding further through the application process.