Director of Information Security
Manatt, Phelps & Phillips, LLP
Director of Information Security leading and maturing the information security program at Manatt, a legal services firm. Responsible for protecting client data and managing security operations.
Posted 6/9/2026 • full-time • New York City • Florida, New York • 🇺🇸 United States • Lead • 💰 $210,000 - $250,000 per year
Tech Stack
Tools & technologies: Azure, Cloud, Cyber Security
About the role
Key responsibilities & impact
- Develop, maintain, and execute a firm-wide information security strategy aligned to Manatt's business objectives, growth agenda, and risk appetite.
- Serve as the primary security advisor to the CIO, COO, executive leadership, and firm governance bodies; present security posture and program updates to senior stakeholders and the board as required.
- Build and lead a high-performing information security team, including hiring, mentoring, and professional development.
- Define and manage the information security program budget, balancing investment in tooling, staffing, and managed services.
- Own the firm's information security risk management program, including risk assessment, treatment, and continuous monitoring.
- Ensure compliance with applicable legal and regulatory frameworks including HIPAA/HITECH, state privacy laws, ABA cybersecurity guidelines, and client security requirements.
- Lead responses to client security questionnaires, RFPs, and third-party audits; serve as the primary security point of contact for client due diligence inquiries.
- Provide security leadership and oversight for the firm's cloud transformation and data center migration initiatives, including Azure cloud security architecture and governance.
- Establish and enforce security standards and controls aligned to CIS Benchmarks and industry best practices across endpoint, network, cloud, and application layers.
- Partner with IT and engineering teams to embed security into the system development lifecycle, AI/LLM adoption initiatives, and enterprise technology deployments.
- Oversee the implementation and management of security tooling including endpoint protection, SIEM/SOAR, identity and access management, DLP, and vulnerability management.
- Lead the firm's security operations function, ensuring 24/7 threat monitoring, detection, and response capabilities.
- Own the incident response program, including playbooks, tabletop exercises, and coordination with legal, HR, and executive leadership during security events.
- Manage relationships with external security partners, MSSPs, and legal counsel in connection with security incidents and breach notification obligations.
- Oversee vulnerability and patch management programs in coordination with IT operations.
- Advise on and govern the secure adoption of AI and generative AI tools, including LLM-based legal technology platforms, ensuring appropriate data handling, access controls, and residency requirements.
- Stay abreast of the evolving threat landscape as it pertains to professional services, legal, and healthcare-adjacent industries; translate threat intelligence into actionable program improvements.
- Lead the firm's security awareness and training program, fostering a security-conscious culture across attorneys, business professionals, and leadership.
- Partner with HR and firm management to communicate policies and expectations around acceptable use, data handling, and security hygiene.
Requirements
What you’ll need
- Bachelor’s or Master’s degree in Computer Science, Information Systems, Data Management, or related field.
- 10+ years of progressive information security experience, with at least 3 years in a senior leadership role.
- Demonstrated experience leading enterprise security programs in a professional services, legal, consulting, or similarly regulated environment.
- Deep knowledge of security frameworks and standards including NIST CSF, CIS Controls, ISO 27001, SOC 2, and HIPAA security rule requirements.
- Hands-on experience with Microsoft Azure security architecture, including Defender for Cloud, Entra ID (Azure AD), Sentinel, and related tooling.
- Strong understanding of endpoint, network, identity, and cloud security domains.
- Proven ability to communicate complex security topics to non-technical executive and board-level audiences.
- Experience managing and responding to cybersecurity incidents, including coordination with legal counsel and regulatory notification obligations.
- Bachelor's degree in Computer Science, Information Systems, or related field — or equivalent professional experience.
- CISSP, CISM, or equivalent advanced security certification strongly preferred.
- Experience in law firm or Big 4 / professional services security environments.
- Familiarity with legal technology platforms, matter management systems, and document management systems (e.g., iManage, NetDocuments).
- Experience with AI/LLM security governance, including evaluation of legal AI tools and data residency controls.
Benefits
Comp & perks
- A full range of medical, financial and/or other benefits dependent on the position will also be offered.
ATS Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security strategy, risk management, security program management, cloud security architecture, vulnerability management, incident response, security operations, security standards and controls, data handling, cybersecurity incident management
Soft Skills
leadership, communication, mentoring, team building, stakeholder engagement, strategic thinking, problem-solving, training and awareness, collaboration, adaptability
Certifications
CISSP, CISM, ISO 27001, SOC 2, NIST CSF, CIS Controls, HIPAA certification, advanced security certification