Security Engineering Manager - Wilson Sonsini Goodrich & Rosati Palo Alto, CA, United States Bookmark Share Print 178 0 2

Listing Description

New locations. New business ventures. New career opportunities. Working at Wilson Sonsini Goodrich & Rosati is a challenging and rewarding experience. Our firm is recognized as the leader in providing legal and business advice to technology and growth companies at all stages of development. Our broad spectrum of practices and entrepreneurial spirit allow our staff exceptional opportunities for professional growth and exploration.

Wilson Sonsini Goodrich & Rosati is seeking a Security Engineer to join the Information Security team in the Firm's Palo Alto office. The Security Engineer, as part of the Information Security team, is responsible for managing the firm’s information security systems and processes, assuring enforcement of security policies, managing the information security threat lifecycle, analyzing and responding to security events escalated by the Security Operations Center (SOC) and coordinating actions to limit risks identified through our automated systems. This position is also accountable for providing expertise and support in the areas of security engineering, incident response and risk management. The candidate is expected to understand the information security lifecycle and how to apply a disciplined approach to security that takes the business needs of the firm into account.

SUMMARY OF POSITION

The Security Engineering Manager, under the direction of the Chief Information Security Officer, is accountable for the oversight of Wilson Sonsini Goodrich & Rosati’s (WSGR’s) security and risk management systems and architecture; overseeing the investigation and response to events detected by WSGR’s Security Operations Center (SOC); analyzing and identifying process and technology needs, and coordinating the design, installation, testing, and maintenance for agreed upon enhancements; and for managing personnel associated with the various security and risk management activities of the firm. The position is also accountable for providing expertise and support in the entire breadth of the security and risk management discipline; including overseeing risk assessments, maintaining the firm risk registry and associated corrective action plans, managing incident response protocols, maintaining a vulnerability management program, and ensuring compliance with all agreed upon firm standards and applicable regulations. The candidate is expected to understand the entire information security and risk management lifecycle and how to apply a disciplined approach that takes the business needs of the firm into account.

AUTHORITY

The Security Engineering Manager, in association with the Chief Information Security Officer, will supervise all members of the security engineering team

QUALIFICATIONS

- Ability to communicate information about the vision and direction of our security and risk management program to firm leadership

- Must be able to communicate clearly and effectively with people from all types of backgrounds

- Proven ability to lead and motivate teams

- Knowledge and experience with all aspects of security and risk management

- Exceptional communication skills including the ability to translate information security concepts into business language

- Demonstrated effectiveness in listening to the business on security and risk management needs

- Ability to identify technology related risks

- Ability to visualize, plan and execute any areas of process improvement that increase the efficiency and delivery of our security and risk management capabilities

- Extensive knowledge of network architecture and design

- One or more of the following certifications: CISSP, CIRM, ISO 27001 Lead Auditor, CISM, CEH, CIPP, CRISC, GIAC

- College degree required

SPECIFIC SKILLS REQUIRED

Significant expertise in the following disciplines: ISO 27001, NIST CSF, incident management, risk management, business continuity, disaster recovery, workflow & process management

REPORTING RELATIONSHIPS

The Security Engineering Manager reports directly to the Chief Information Security Officer

OFFICE REQUIREMENTS

The Security Engineering Manager will maintain office hours totaling at least 8 hours each day, Monday through Friday, although he/she will be expected to work additional hours as required. Flexibility with working hours may also be required.

This job description sets forth authorities and responsibilities of the Security Engineering Manager and may be changed from time to time.

APPLY

In order to ensure that we receive your application, please apply on the Firm's website here.Provide subject matter expertise in information security and risk management

Continually improve upon the security posture of the firm to mitigate our exposure to threats. Take complete ownership of the evaluation, selection and implementation of security controls agreed upon by firm leadership

Provide other teams with security and risk management consulting services, including responding to requests for additional information and participating on the project review team to ensure all projects meet organizational policies and procedures

Hold regular meetings with firm leadership to review deficiencies with any policies or procedures. Drive remediation activities, track compliance deliverables and scheduling. Provide regular progress updates on remediation activities

Oversee the research and response to all security events escalated by the WSGR SOC

Oversee the performance, and subsequent remediation activities, of security scans associated with systems, network devices and applications

Manage the firms IT related Business Continuity & Disaster Recovery policy and procedures. Regularly hold test exercises to identify improvement

Oversee the product lifecycle and administrative operations of security technologies, such as anti-virus, multi-factor authentication and insider threat protection

Evaluate designs of infrastructures, networks and inter-related systems for security practices that meet the business needs of the firm. Plan, coordinate and drive changes that are in the firm’s best interests

Manage and lead risk evaluations of the firm’s environment by external 3rd parties. Produce recommendations that integrate any findings with the business needs of the firm

Create appropriate measures and metrics of risk related to the security hygiene of the WSGR environment and regularly communicate them to firm leadership

Oversee firm processes associated with internal investigations, electronic document collections and transfer

Maintain knowledge of the security and risk management needs of firm clients and implement measures to satisfy those requirements in the most efficient manner

Keep abreast of emerging security technologies and discipline developments. Make appropriate recommendations that meet the firms needs

Participate in the incident response team and provide leadership in resolving issues of a critical and sensitive nature