IS Security Manager

Cooley LLP

Job Description

Cooley is seeking an IS Security Manager to join the IS security team.

Position summary: Cooley Information Services (IS) embraces a culture of customer service excellence and all members of the department are expected to move this agenda forward. To that end, the IS Security Manager is expected to recognize that the Cooley IS department is a service organization first and foremost and will be evaluated on this requirement equal in importance to the technical or operational responsibilities outlined later in this document. The IS Security Manager will work with and manage teams to maintain and monitor the security policies, practices, and systems implemented by the firm. The IS Security Manager will participate in developing security policies and procedures to protect the firm from threats and will manage the firm's IS security to ensure proper security measures are in place, those measures are monitored, and threats are responded to and neutralized.

Position responsibilities:

  • Manage and lead the IS Cyber Security Team to maintain and monitor the security policies, practices, and systems implemented by the firm
  • Review, analyze and monitor security system reports and logs for suspicious activities, trends and patterns. This includes but is not limited to SIEM, web filters, mail gateways, firewalls, encryption systems, anti-malware systems, IDS/IPS
  • Provide leadership, guidance, task prioritization, mentoring and annual reviews to the IS Cyber Security Team members
  • Develop and monitor IS security metrics and present security status to IS management
  • Advise IS management on selection and use of realistic enforcement mechanisms
  • Identify and document threats and vulnerabilities that may impact the business and address them regularly with business units
  • Develop access control models and roles
  • Recommend controls for on premise and cloud systems to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
  • Develop, implement and lead Security Incident Response Teams and troubleshooting efforts on all IS security related problems
  • Provide consultation on any internal investigation that may require forensic analysis
  • Develop and execute a firmwide IS security awareness program; provide on-going communications to staff regarding threats and mitigation steps; develop/execute technical training to IS staff on security policies/products; track attendance and progress
  • Respond to audit findings and present remediation steps to IS management
  • Lead testing of installed systems to ensure protection strategies are properly implemented and functioning as intended
  • Provide security analysis on firmwide system changes to the Change Control Board and Architecture Review Board
  • Evaluate and recommend commercial security vendors and products. Present the firm with outside vendors and recommend new products/technology to improve security and address business needs
  • Work with vendors to put in place acceptable service and response agreements consistent with product and service SLA and response time during security incidents
  • Build and maintain TAM relationships with key security providers
  • Participate in security and legal forums and organizations to learn new ideas to solve problems
  • Serve as direct supervisor and mentor to direct reports
  • Provide day-to-day supervision of direct reports, ensure compliance with assigned work hours and monitor for compliance with all firm and department policies. Manage staffing coverage, review and process time logs/time off requests
  • Support business professional development and continued educational opportunities
  • In collaboration with immediate supervisor and CN HR, participate in hiring, performance appraisals, counseling, termination and other employee lifecycle events
  • All other duties as assigned or required

Skills & experience:

Required:

  • After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applications
  • Ability to work extended and/or weekend hours, as required
  • Ability to travel, as required
  • 5+ years of relevant work experience in information security
  • Senior level candidates must have 7+ years applicable experience in the field with 2+ years of exempt/management experience in relevant roles
  • Experience managing internal teams and dedicated external teams
  • CISSP or equivalent certifications and/or experience
  • Proven practical experience in information security and well-rounded knowledge of IT
  • Experience managing teams responsible for and working on:
      • Cisco routing/switching equipment
      • Active Directory and NTFS
      • Firewalls
      • Intrusion Detection and Prevention Systems
      • Antivirus programs and management console
      • Web filter/proxy technologies
      • Encryption technologies - whole disk, e-mail, and data at rest
      • Patch management systems
      • Vulnerability scanners
      • Forensic tools
      • Penetration testing tools
      • Data loss prevention
      • Email gateways and anti-spam services
      • Mobile device management
      • Privileged account management systems
      • Security information and event management systems
      • Two factor authentication systems
      • M365 and Microsoft's cloud security suite
  • Demonstrated experience evaluating the security posture of vendors and system architecture
  • Prior experience implementing and managing incident management programs and systems
  • Prior experience managing vendor relationships
  • Project management experience
  • Required to participate in a 7x24 on-call rotation

Preferred:

  • Prior law firm experience
  • Bachelor's degree in Information Technology or Computer Information Systems
  • Experience working with the following products:
      • Cisco routers and switches
      • Palo Alto Networks firewalls and Remote Access
      • Microsoft SCCM
      • Nexpose Vulnerability Scanner
      • BitLocker
      • VMware
      • Data Loss Prevention
      • Proofpoint Email Gateway and Anti-Spam
      • Forensic Tools
      • S/MIME email encryption
      • MobileIron/Intune
      • Delinea Secret Server
      • CrowdStrike/Malwarebytes
      • Microsoft AOVPN
      • Log management systems
      • Microsoft MFA
  • Experience implementing or managing ISO 27000
  • Additional security certifications
  • Supervisory experience

Competencies:

  • Exceptional Customer Service Skills
  • Excellent analytical, problem-solving, customer service and project management skills
  • Ability to balance security best practices with business objectives
  • Proven track record of excellent decision-making, integrity and working with IT management, business users and staff
  • Excellent oral and written communication skills, including technical and user documentation.
  • Strong organizational skills
  • Ability to work independently and under high pressure with tight schedules and deadlines.
  • Ability to interact well with all levels of staff
  • Excellent active listening skills
  • Ambitious and motivated team player
  • Capable of grasping new concepts quickly and without prior experience
  • Detail oriented
  • Ability to multi-task and work in fast-paced environment
  • Ability to interact and coordinate with several teams to achieve objectives
  • Ability to solve problems independently and simultaneously, effectively managing multiple tasks.
  • Familiarity with budgeting, financial analysis and asset management within the context of an IT operation

Cooley offers a competitive compensation and excellent benefits package and is committed to fair and equitable employment practices. EOE.

The expected annual pay range for this position is $140,000 - $205,000. Please note that final offer amount will be dependent on geographic location, applicable experience and skillset of the candidate. Senior level candidates may be considered for this position and would be eligible for a higher salary range based on experience.

We offer a full range of elective benefits including medical, health savings account (with applicable medical plan), dental, vision, health and/or dependent care flexible spending accounts, pre-tax commuter benefits, life insurance, AD&D, long-term care coverage, backup care for children and/or adults and other parental support benefits. In addition to elective benefit options, benefited employees receive firm-paid life insurance, AD&D, LTD, short term medical benefits as well as 21 days of Paid Time Off ("PTO") and 10 paid holidays each year. We provide generous parental leave and fertility benefits. New employees will attend a detailed benefit orientation to learn more about our many benefits and resources.

 
