
Manager, Cybersecurity Governance and Risk

Paul Hastings LLP
flexible benefit account, parental leave, paid holidays, 401(k), retirement plan, profit sharing
United States, Illinois, Chicago
Jan 06, 2025

Paul Hastings is a leading international law firm that provides innovative legal solutions to many of the world's top financial institutions and Fortune Global 500 companies. With a strong presence throughout Asia, Europe, Latin America, and the U.S., we have the global reach and extensive capabilities to provide personalized service wherever our clients' needs take us. As one of the world's leading law firms, we seek dynamic individuals who share our commitment to service, innovation, and professional growth.

We have an opening for a Manager, Cybersecurity Governance and Risk.

The Manager, Cybersecurity Governance and Risk leads IT risk management (ITRM) initiatives to increase transparency of risk impacts to the Firm, manages the Cyber risk register, issues log, facilitates the Risk Operating Committee (ROC), and supports the Governance and Risk team in identifying and implementing industry standards (e.g., NIST, ISO and COBIT) in accordance with applicable regulatory or client guidelines.

The role will contribute to evolving ITRM's oversight, reporting, governance, communications, and education efforts from an Information Security perspective. The Manager will also assist in developing methodologies, policies, process, and tools to support InfoSec and Governance and Risk initiatives.

In this capacity, the Manager, Cybersecurity Governance and Risk will:

  • Assist with the development, implementation and management of the governance and risk strategic plan and roadmap, including evolving the reporting structure and frequency to InfoSec stakeholders;
  • In conjunction with the Controls and TPRM Managers, evolve, develop and manage the development, maintenance and evaluation of organizational InfoSec governance and risk procedures, processes and guidelines in accordance with Firm and Client requirements;
  • Serve as a key contributor in identifying, managing and communicating governance and risk across InfoSec policy domains, providing expertise to prioritize and manage risk, while facilitating, in conjunction with the Controls Manager, the adoption of IT Risk policies, standards and guidelines across the enterprise;
  • Manage the Cyber risk and issue registers and remediations, including supporting monthly ROC meetings (e.g., agenda, data calls, etc.), tracking and aggregating the risk registers, and mapping risk(s) to policy domain to control(s) to provide prioritization and transparency into control and policy domains requiring remediation;
  • Work with the Controls Manager and other stakeholders to identify, validate and document deficiencies in ITRM governance, processes and risk management practices, propose remediations, and enforce cross-functional POAM initiatives and status reporting requirements in accordance with prioritization requirements;
  • Assist with InfoSec's TPRM and Client InfoSec Assessments, including assessment activities (completion and quality control reviews), developing or revising control narratives, and supporting reporting efforts to InfoSec leadership and stakeholders;
  • Evolve risk methodologies, and conduct and support risk assessments to support InfoSec in the identification of risk across policy domains, identifying opportunities for control enhancement and risk mitigation;
  • Facilitate the definition and maintenance of InfoSec governance and risk measures and metrics; and
  • Handle additional related projects as assigned.

In addition, the Manager, Cybersecurity Governance and Risk will be expected to have:

  • Strong project management skills and understanding of the technology and operational risks as related to technology solutions;
  • Advanced awareness of current information security standards and developments (CSF, NIST, ISO), the COSO framework, as well as the emerging cyber threat landscape;
  • Strong understanding of Operational Risk from a Technology perspective;
  • Excellent analytical and problem-solving skills, inquisitive nature and comfort challenging current practices;
  • Understanding of governance, risk and compliance (GRC) practices and technologies across governance, process and technical domains;
  • Third party assessment experience, including the evaluation of SOC2 Type 2, SIG, Pen Test, etc., reports;
  • Ability to develop and maintain solid working relationships across the departments; and
  • High-level technical understanding of security applications, platforms and architectures.

Qualifications:

  • Bachelor's degree in Information Security, Information Assurance, Computer Science, Information Systems, or other related field (two years of additional experience may be substituted for two years of college credits);
  • At least 7 years of combined information technology, information security and risk management experience;
  • CISA, CISM, GSEC, CISSP, CRISC or other security-related certification preferred;
  • Advanced understanding of risk management concepts, frameworks, and methodologies;
  • Strong understanding of information security concepts and technologies;
  • Background in consulting preferred;
  • Fundamental knowledge of the operation of law practices; and
  • Advanced knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.

Employees will be provided with an excellent career opportunity in a collaborative environment, in addition to a generous total compensation package with the opportunity to earn bonuses based on individual contribution and firm profitability.

Eligible employees can participate in the Firm's comprehensive benefits program, which includes the following:

  • Medical, Dental, Vision, Life/AD&D, Long Term Care, and Short- and Long-Term Disability
  • Flexible Spending Account and Health Savings Account
  • Healthcare Concierge and Advocacy
  • Lifestyle Spending Account
  • Voluntary 401(k) Plan and Profit Sharing
  • 10 Paid Holidays per year and a generous PTO Program
  • Family Support including Paid Parental Leave, Fertility Benefits, Breast Milk Shipping, Back-up Child Care, Elder Care, and Tutoring
  • Wellbeing programs (Employee Assistance Program, Relationship Support, Mental Health and Well-Being Events)
  • Retirement Plan Consulting
  • Anniversary Bonus Program
  • Professional Development Programs
  • Transportation and Commuter Benefits
  • International Travel Insurance
  • Auto/Home/Pet Insurance
  • Prepaid Legal Insurance
  • Employee Discounts
  • And More!

The Firm has a range of diversity initiatives, including our Paul Hastings Affinity Networks (PHANs), Women's Initiative, and PH Balanced. These initiatives provide a firmwide forum to share experiences, as well as an opportunity to participate in a supportive network with common interests to help make life at the firm more inclusive.

Paul Hastings LLP is an equal employment and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.