Information Security Manager

General Purpose:The Information Security Manager reports to the Chief Information Security Officer (CISO) and supports the implementation of security strategy that ensures Holland & Hart complies with applicable client, legal, and regulatory security requirements while safeguarding Holland & Hart's facilities and information systems.The Information Security Manager supports in the implementation of the strategy, operations and budget of the architecture, design, and implementation of IT projects to ensure availability, confidentiality, and data integrity. The Information Security Manager manages the threat landscape within Holland & Hart and designs and implements security measures tailored to address threats in a timely, efficient, and risk-managed method.Essential Duties/Responsibilities:Drives the development and implementation of strategic, long-term information security strategy and roadmaps to ensure Holland & Hart's information assets are adequately protected.Critical decision maker on designated information security committees, including analyzing and managing firm risk and tracking remediation.Oversees incident response planning and the investigation of security breaches.Leads IT Security incident response. Collaborates with analysts performing incident response and remediation. Handles incident response communications within team.Works with employees across the firm to assess and communicate and make recommendations regarding acceptable levels of risk.Manages ISO 27001 certifications including evidence collection and presentation to certification bodies.Manages and responds to client audits and security reviews, negotiating best practices, mitigating controls, and implementing new security measures. Presents security evidence to clients to demonstrate compliance.Assists the CISO in maintaining the budget and operational focus of the team.Provides subject matter expertise on security standards and best practices.Oversees the implementation of Access Control solutions.Manages individuals within Access Control team.Develops and mentors information security and technology professionals.Develops and recommends regulatory changes on information security policies, procedures, standards and guidelines, and oversees their approval, dissemination, and maintenance.Ensures that the security management program is compliant with applicable laws, regulations, and contractual requirements.Oversees and may provide hands on support for the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.Partners with software developers, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.Monitors the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.Liaise with law enforcement and other advisory bodies to ensure that the organization maintains a strong security posture.Leads one or more phases of large-complexity petencies:Strategic Thinking: Plans and makes decisions within the framework of the firm's strategic intent.Team Management & Results Orientation: Creates and maintains high functioning team(s).Communication: Understands the importance of and demonstrates verbal, written, and non-verbal communications.Customer/Client Experience: Creates a consistent and exceptional experience for others, whether directly to external clients/customers or indirectly through internal support, that elevates the overall perception of the firm.Supervisory Duties (if applicable):Develop and nurture a working environment that prioritizes inclusivity and a client-centric approach. Recognize and reward strong performance, teamwork, professionalism, and responsiveness. Instill confidence within the team and among the firm's professionals by celebrating hard work and success. Set clear and achievable expectations for future success.Effectively organize and oversee the scheduling, workload distribution, and productivity of the team to ensure efficient collaboration with the department head and in accordance with company policy, make informed hiring and selection decisions to build a high-performing team.Deliver timely and constructive performance feedback. Complete performance evaluations that help team members grow and improve.Actively coach, develop, and train team members to ensure they meet and exceed departmental expectations and perform their duties effectively.Review and approve timecards and vacation requests for direct reports, ensuring compliance with organizational policies and procedures.Efficiently manage daily responsibilities in alignment with departmental goals and objectives.With the assistance of HR and the department head, manage employee discipline and, when necessary, termination in accordance with company policy and legal guidelines.Job Qualifications (Education, Experience and Certification):Bachelor’s degree with technology is preferred, or applicable years of direct experience.Minimum 10 years of IT experience with a focus on IT Security.2 years of management experience is preferred.At least one relevant industry certifications such as GCIH, GCED, CISSP, CISA, CISM, etc.Possesses an excellent knowledge and background in IT operations, security technologies and regulations.Must be collaborative, creative, and driven with a proven ability to be a team playerAble to think strategically, develop solutions quickly and implement efficiently.Possesses business acumen and understands budgets, business-planning and balancing security and business risk.Skilled in conducting security reviews, audits, and analyses.Excellent verbal, written, and overall communication skills and ability to communicate effectively at all firm levels.Leadership and organizational abilities.Detailed oriented to ensure that the success of implementations is paramount.Strong analytical skills.Self-starter with the ability to multi-task and work in a very fast paced environment.Results oriented and with a strong client focus.Equal Opportunity EmployerThis employer is required to notify all applicants of their rights pursuant to federal employment laws. #J-18808-Ljbffr

Created: 2025-10-04