
Senior Director, Information Security and Risk Management

Wilson Sonsini Goodrich & Rosati, Professional Corporation
San Francisco, Washington

Job Description

Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. We represent companies at every stage of development, from entrepreneurial start-ups to multibillion-dollar global corporations, as well as the venture firms, private equity firms, and investment banks that finance and advise them. The firm has approximately 1,100 attorneys in 17 offices: 13 in the U.S., two in China, and two in Europe. Our broad spectrum of practices and entrepreneurial spirit allow our staff exceptional opportunities for professional achievement and career growth.

Essential Duties and Responsibilities:

The Senior Director of Information Security & Risk Management leads and manages key aspects of the firm's information security and risk management program in support of the Chief Information Security Officer. They oversee security engineering, operations, information governance, risk management, records management, and compliance activities, and contribute to the firm's overall security posture. The Senior Director works closely with practice groups, firm management, the General Counsel's office, and other administrative departments to address client and regulatory requirements and support the firm's strategic needs. The Senior Director actively networks with peers at other firms and with clients. Active engagement with the organizations the firm belongs to, collaborating on security and risk management decision making, is also a critical activity of the position. The Senior Director also supports the Chief Information Security Officer in developing and implementing strategic initiatives to improve the firm's security program, and in developing the metrics and associated briefings used to communicate the state and direction of the program to firm leadership.

Risk Management and Compliance:

  • Lead firm-wide technology-related risk and compliance activities.  

  • Lead firm-wide records management activities.

  • Provide support for the risk management and compliance function.  

  • Oversee client audit request workflows and coordinate firm IT audits.  

  • Oversee the firm's risk registry and associated corrective action plans.  

  • Oversee data input into the Governance Risk & Compliance (GRC) system and generate compliance metrics reports.  

  • Track compliance remediation efforts and report on discrepancies to the firm CIO & CISO.  

  • Maintain measures and metrics of risk related to the firm's security and IT posture.  

  • Oversee employee compliance with security and privacy training.  

  • Oversee risk assessments.  

  • Oversee incident response protocols and vulnerability management programs.  

  • Ensure compliance with firm standards and regulations.  

  • Produce recommendations from risk evaluations that align with business needs.  

  • Communicate risk metrics to firm leadership.  

Security Engineering and Operations:

  • Identify and implement emerging technologies where they can enhance firm best practices for mitigating cyber risk.

  • Oversee security and risk management systems and architecture.  

  • Oversee investigations and responses to security events from both the Security Operations team and Security Operations Center (SOC).  

  • Oversee the analysis and identification of process and technology needs, and coordinate the design, installation, testing, and maintenance of security enhancements.

  • Improve the firm's security posture to mitigate threats.  

  • Oversee the evaluation, selection, and implementation of security controls.  

  • Hold regular meetings with firm leadership to review policy and procedure deficiencies.  

  • Drive remediation activities and track compliance deliverables.  

  • Oversee the product lifecycle and operations of security technologies.  

  • Evaluate the security of infrastructure, network, and system designs.  

  • Plan, coordinate, and drive changes to improve security.  

  • Maintain knowledge of client security and risk management needs. 

  • Stay current with emerging security technologies and trends and provide recommendations.  

  • Participate in and provide leadership for the incident response process.

  • Maintain compliance with all firm policies and procedures.

Education and/or Work Experience Requirements:

This section is used to describe what knowledge, skills and abilities are required to perform the essential duties and responsibilities bulleted above. If this position is part of a group of levels, be sure to show the increase in the knowledge, skills and abilities necessary to perform the daily tasks and job duties. Some examples are:

  • Bachelor’s degree required; master’s degree preferred.

  • 10+ years' relevant experience required.

  • Experience in an AmLaw 50 law firm environment or professional services industry is a plus.

  • Ability to communicate and coordinate risk-related information effectively.  

  • Strong communication skills with people from diverse backgrounds.  

  • Knowledge and experience in risk management and compliance reporting.  

  • Experience with GRC applications and metrics development.  

  • Proven ability to lead and motivate teams.  

  • Exceptional communication skills, including the ability to translate technical security concepts into business terms.  

  • Demonstrated ability to understand and address business security and risk management needs.  

  • Ability to identify technology-related risks and implement effective solutions.  

  • Strong analytical and problem-solving skills.

  • Ability to visualize, plan, and execute process improvements.  

  • Extensive knowledge of network architecture and design.  

  • Relevant certifications such as CISSP, CISM, CISA, or similar are highly desirable.  

  • Significant expertise in relevant security and risk management frameworks and disciplines (e.g., ISO 27001, NIST CSF, COBIT, etc.).  

The primary location for this job posting is in Washington, D.C., but other locations may be listed. The actual base pay offered will depend upon a variety of factors, including but not limited to the selected candidate’s qualifications, years of relevant experience, level of education, professional certifications and licenses, and work location. The anticipated pay range for this position is as follows:

San Francisco and Silicon Valley: $447,100 - $604,900 per year

Austin, Boston, Boulder, District of Columbia, Los Angeles, New York, San Diego, Seattle, and Wilmington: $402,390 - $544,410 per year

Salt Lake City and all other locations: $357,000 - $483,000 per year

The compensation for this position may include a discretionary year-end merit bonus based on performance. We offer a highly competitive salary and benefits package.

Benefits information can be found here. Equal Opportunity Employer (EOE).