Managing a small team to work closely with senior leaders across IT, Security Engineering, General Counsel, and firm leadership to shape how risk is understood, measured, and managed
Lead the development of executive-level reporting on IT risk, compliance posture, and operational performance
Build and evolve KPI/KRI dashboards that provide real-time visibility into risk trends and control effectiveness
Translate complex IT and security data into meaningful insights for decision making
Ensure adherence to IT policies, standards, and leading frameworks (e.g., NIST, ISO 27001)
Own and evolve the firm’s IT risk register and Risk & Control Self-Assessment (RCSA) program
Identify emerging and systemic risks across IT, security, privacy, and operational processes
Partner with General Counsel, Security, and IT to lead internal investigations
Oversee governance and reporting across the IT Service Management (ITSM) ecosystem
Analyze incident, change, and problem management data to identify trends and improvement opportunities
Drive workflow optimization and automation within ServiceNow
Review and advise on vendor agreements and enhance vendor risk processes
Identify opportunities to streamline processes, enhance reporting, and improve governance
Introduce data-driven approaches to risk management and operational oversight
Perform related duties as assigned or directed by supervisor
Maintain compliance with all firm policies and procedures

Requirements

Bachelor's degree preferred
Seven years of experience in IT risk, security compliance, technology audit, or IT governance preferred
Experience operating in complex, regulated environments (e.g., law firms, financial services, consulting) preferred
Proven ability to lead reporting, analytics, and governance initiatives
Familiarity with ServiceNow and ITSM reporting including understanding of incident, change, and problem management lifecycles
Experience with security and collaboration platforms such as Microsoft 365, Purview and email security tools
Working knowledge of frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001 and SOC 2
Strong understanding of control design, risk registers, RCSA programs, and audit response
Basic understanding of privacy regulations
CISA, CISSP, CRISC, CTPRM and/or ITIL preferred

Benefits

Highly competitive salary and benefits package
Discretionary year-end merit bonus based on performance

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IT risk managementsecurity compliancetechnology auditIT governanceKPI dashboardsKRI dashboardsdata analysisworkflow optimizationincident managementchange management

Soft Skills

leadershipcommunicationanalytical thinkingproblem-solvingcollaborationdecision makingreportinggovernanceprocess improvementdata-driven approach

Certifications

CISACISSPCRISCCTPRMITIL