Head of Information Security (CISO) at Roth Staffing Companies in Los Angeles, California

Job Description:

Head of Information Security (CISO)



Employment Type: Full-Time/Direct Hire


Workplace Type: Hybrid (Flexible Schedule; 1 - 3 Days Onsite)


Location: Los Angeles, San Francisco, Washington DC


Industry: Law Firm


Salary Range: $160,000- $280,000 + Discretionary Annual Bonus



SUMMARY:



Reporting to the CIO, the Head of Information Security will play a critical role in sculpting the direction of the firm's cybersecurity strategy and leading the Information Security team. As a leader in information security within the legal industry this position will frequently engage with the firm's top partners and General Counsel. Our client is looking for a hands-on security leader who can provide strategic oversight, vision, and enhancement of the firm's overall security posture and ensure that our client remains at the forefront of cybersecurity.



DUTIES & RESPONSIBILITIES:




Strategic Leadership:

• Develop and implement an information security strategy in alignment with the firm's business objectives.


• Work closely with the CIO to define and refine the security vision, ensuring it remains current and effective in mitigating emerging threats.


• Serve as a key advisor to senior leadership, including partners and the General Counsel, on all matters related to information security.

• Lead, mentor, and manage a team of information security professionals and foster a culture of continuous learning and improvement.


• Oversee the recruitment, development, and retention of talent within the information security team.


• Ensure that the team is equipped with the latest tools and knowledge to effectively manage and respond to security incidents.

• Oversee the deployment, management, and optimization of security solutions, including, but not limited to:
  
  
  • Endpoint Detection and Response (EDR)
  
  
  • System Information and Event Logging (SIEM)
  
  
  • Identity and Access Management (IAM)
  
  
  • Data Loss Prevention (DLP)
  
  
  • Vulnerability Management
  
  
  
  


• Monitor the Firm's cybersecurity landscape, identifying potential vulnerabilities and mitigating risks proactively.


• Lead the response to any security incidents, coordinating with internal and external stakeholders to ensure swift resolution.

• Develop, implement, and enforce security policies, standards, and procedures that align with internal and external requirements.


• Ensure the firm's compliance with all relevant laws, regulations, and industry standards, including, but not limited to: ISO 27001, GDPR, CCPA, and client guidelines.


• Lead audits, assessments, table-top exercises, and penetration test responses to ensure compliance and identify areas for improvement.


• Manage the firm's security awareness and training program.

• Regularly interact with top partners and the General Counsel to communicate risks, propose solutions, and report on the status of the firm's information security program.


• Act as a liaison between the Information Security team and other departments within the firm to ensure a unified approach to security.


• Build and maintain relationships with external security partners, vendors, and consultants to enhance the firm's security capabilities.

• Stay abreast of the latest developments in information security and ensure the firm's practices remain cutting-edge.


• Foster a culture o