IT Security Manager

TriHire Solutions • Boston, MA, US • 1m ago

The IT Security Manager will oversee the firm's information security program, collaborating closely with the Director of Information Security, Desktop, and Server teams to safeguard the firm's information assets. The role involves implementing, supporting, and maintaining information security policies, operations, and risk management strategies.

Key Responsibilities:

Phishing

Coordinate and execute scheduled phishing campaigns, including content development, delivery, follow-up, and reporting.
Collaborate with the helpdesk to address phishing-related issues and user inquiries.
Proactively implement measures to mitigate phishing risks.

Monitoring and Alerting

Work with external security vendors to monitor system events and ensure comprehensive coverage.
Oversee the initial response to incoming security events from MDR vendors and Defender.
Triage alerts, assess severity, and follow appropriate procedures.
Safeguard the confidentiality of client and firm data.
Monitor and respond to tickets for the Information Security Group.

Vulnerability Management

Coordinate the firm's vulnerability scanning process, identifying, classifying, prioritizing, mitigating, and remediating software vulnerabilities.
Collaborate with infrastructure and desktop engineering teams to address critical risks.
Track progress toward security goals and overall vulnerability reduction.

Operations

Oversee security events from Microsoft Security Products.
Enhance the security posture through vulnerability management, attack surface reduction, and environment hardening.
Support Mac laptop compatibility for standard firm tasks.
Contribute to remote browser capability projects.
Collaborate with third-party vendors for annual penetration testing.
Coordinate threat hunting activities and research emerging CVEs.

Audit

Oversee evidence gathering for ISO audits.
Manage and maintain accurate and up-to-date policies and procedures.
Supervise timely reviews of Outside Counsel Guidelines, Client Security Assessments, and RFP/RFI responses.

Additional Responsibilities

Assist in preparing and tracking client security assessments.
Collaborate with the Director of Information Security on security budgeting.
Work with desktop and server teams on patch management.
Interface with the networking team as needed.
Support evidence collection and preservation for ISO 27001 audits.
Participate in annual disaster recovery and business continuity plan testing.
Undertake special projects as assigned.
Assume additional responsibilities as required.

Qualifications

Bachelor's degree in Cybersecurity or Computer Science.
Minimum 5 years of information security experience, including staff management.
Prior experience in a law firm or professional services environment is strongly preferred.
Knowledge of threat hunting tactics and incident response.
Understanding of TTPs (Threats, Tactics, and Procedures) of threat actors.
Proficiency with vulnerability scanning tools (Tenable, Rapid7, Qualys).
Familiarity with cybersecurity tools for threat hunting and vulnerability scanning.
Experience with outsourced MDR solutions (SentinelOne, eSentire, Rapid7 IDR, Cybereason, etc.).
Strong knowledge of Microsoft Defender products.
Relevant certifications (CompTIA Security+, CEH, CISA, CRISC, CISM, CISSP).
Excellent verbal and written communication skills.
Ability to multitask, prioritize, and adapt to changing priorities.
Strong planning, project management, and organizational skills.
Collaborative and influential interpersonal skills.
Hands-on, tactical approach to problem-solving.
Creative and proactive problem-solving abilities.
Team-oriented mindset and ability to foster collaborative relationships.
Quick learner with strong analytical skills and attention to detail.
Independent and team-oriented work ethic.
Proven leadership and management abilities.
Experience in employee relations, performance management, and separations.
Strong customer service orientation.
Commitment to integrity, ethics, and confidentiality.
Proficiency in Microsoft Office Suite.
Ability to learn new software and applications quickly.