Enterprise Security Compliance Manager - Third Party

Tracking Code: 5017

Job Description
Latham & Watkins, a global law firm consistently ranked among the top firms in the world, is currently seeking an Enterprise Security Compliance Manager to join our winning team, located in our Global Services Office in downtown Los Angeles.

The success of our firm is largely determined by our commitment to hire and develop the very best and brightest, creating a team that provides our clients with the highest quality of work and service.

We are driven by our core values: respect, innovation and collaboration.

As the global outbreak of COVID-19 continues to unfold, Latham has taken precautions to help protect our people, clients, and the communities where we live and work.

This includes a shift to virtual work for the majority of our lawyers and staff.

This role will likely start virtually while the firm continues to evaluate the situation.

The Enterprise Security Compliance Manager will receive a generous total compensation package.

Bonuses are awarded in recognition of individual and firm performance.

Eligible employees can participate in Latham’s comprehensive benefit program including healthcare, life and disability insurance, flexible spending accounts, a 401k plan, and more!

In addition, employees receive 10 paid holidays per year, and a PTO program that accrues 23 days during the first year of employment and grows with tenure.

As an Enterprise Security Compliance Manager at Latham, you will be responsible for managing the firm’s security compliance activities, with a focus on third-party vendors.

You will be responsible for leading efforts that include collecting and organizing written responses and documentation, leading calls and meetings to gather information from vendors, and ensuring that all follow-up communications and remediation items are completed on time.

You will be responsible for scheduling and coordinating vulnerability assessments, penetration tests, and associated remediation activities.

You will be a member of the Global Security and Risk Management team, report directly to the Information Security Officer, and work closely with the rest of the Security Team while accomplishing these and other critical functions:

- Managing the firm’s vendor audit process, including cloud service providers, engaging in a risk-based approach to determine the depth of each audit, leading the audit, and providing recommendations to management based on the results
- Organizing and conducting meetings of the firm’s cloud security review team, coordinating the assessment of vendors, and leveraging team members’ expertise in the vendor review process
- Arranging third party penetration tests and vulnerability testing by identifying and negotiating with vendors, scheduling testing, and following up on results delivery
- Reviewing firm contracts as part of the firm’s contract review process; assessing and recommending adjustments that serve to minimize security risk in firm agreements
- Supporting the client’s security review process on an overflow basis from intake through closure by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
- Coordinating with the information security officer, evaluating the results of internal & external system vulnerability scans, and arranging necessary internal follow-up to facilitate agreement regarding any recommended remediation items
- Tracking agreed security remediation efforts from vulnerability tests with the support of the information security officer and others, and ensuring successful disposition of each item
- Working to enhance the confidentiality, integrity, and availability of data at the firm, regardless of form
- Maintaining information security documentation and assisting in the development of security policies and procedures
- Serving as a subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security), and promoting a culture of security throughout the firm
- Liaising with other teams and subject matter experts on various technologies, status, and testing
- Working with the technology department management team to identify key metrics and reporting requirements as they relate to technology performance and operation
- Creating and presenting regular reports to senior technology management
- Documenting security information appropriate to team initiatives
- Interfacing with staff throughout the firm to facilitate the efficient and secure use of technology services
- Preparing technical documentation and reports as required

As an Enterprise Security Compliance Manager, you will be expected to apply your organizational and communication skills while displaying a positive, high-energy attitude.

The successful Manager must have strong analytical skills, including effectively defining problems and identifying solutions, a technical understanding of encryption and cloud security controls to allow evaluation of vendors’ security posture, along with well-developed professional interpersonal skills.

The ideal manager must display the ability to interact effectively with clients, vendors, and colleagues at all organizational levels.

A Bachelor’s degree, a Diploma of higher education, or sufficient security and technology experience is required.

A Bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field is desired.

A recognized security certification is desired.

A minimum of five (5) years of experience focused on information security is required.

A minimum of ten (10) years of experience working in information technology is required.

A minimum of two (2) years of experience applying project management concepts is required.

Experience working in a law practice office environment is desired.

Qualified candidates are encouraged to apply by clicking the ‘Apply Now’ link.

Latham & Watkins is an Equal Opportunity Employer.

Our commitment to diversity, equal opportunity and sustainability enables Latham & Watkins to draw from a remarkable wealth of talent to create one of the world’s leading law firms.

Latham & Watkins LLP will consider qualified applicants with criminal histories in a manner consistent with the City of Los Angeles Fair Chance Initiative for Hiring Ordinance (FCIHO).

Please click the link below to review the Ordinance.

Please click here to review your rights under U.S. employment laws.

Job Location: Los Angeles, California, United States

Department: Global Security & Risk Management

Position Type: Full-Time/Regular