
Senior IT Security Engineer, Governance Risk & Compliance, Data Protection and Privacy Support

Orrick Herrington & Sutcliffe
parental leave, paid holidays, flex time, 401(k)
United States, West Virginia, Wheeling
2121 Main Street
Jun 04, 2025
Overview

Orrick currently has an excellent opportunity for a Senior IT Security Engineer (Governance Risk & Compliance, Data Protection and Privacy Support). This position could be based in any of our U.S. offices (Austin; Chicago; Boston; Houston; Los Angeles; New York; Menlo Park; Orange County; Portland; Sacramento; San Francisco; Santa Monica; Seattle; Washington DC; or Wheeling, WV), with consideration given to 100% remote U.S. locations.


Responsibilities

The Senior IT Security Engineer, Governance Risk & Compliance, Data Protection and Privacy Support, is a critical leader within the firm's IT Security team. This role is essential in ensuring the firm meets its security objectives and regulatory requirements and maintains robust data protection and privacy standards. The position involves leading efforts in client audits, third-party supplier security assessments, and supporting data protection and privacy initiatives across the organization.

Governance, Risk & Compliance Leadership:

  • Lead the creation and maintenance of enterprise security documents (policies, standards, baselines, guidelines, and procedures) under the direction of the IT Security Manager.
  • Oversee the planning, design, testing, and maintenance of the firm's Incident Response Plan, ensuring alignment with GRC objectives.
  • Drive the planning, implementation, and maintenance of the firm's ISO 27001 Certification program.
  • Take the lead in completing client audits and third-party supplier security assessments, ensuring thorough evaluation and compliance with security standards.
  • Guide strategic planning and design of the firm's enterprise security architecture, focusing on GRC requirements.

Data Protection and Privacy Support:

  • Develop and implement strategies for data protection and privacy, ensuring compliance with relevant regulations such as GDPR and CCPA.
  • Collaborate with legal, compliance, and privacy teams to ensure privacy policies and practices align with regulatory requirements.
  • Monitor and assess data protection measures, recommending improvements as necessary to enhance privacy and security.
  • Provide training and support to staff on data protection and privacy best practices.

Expertise in Cybersecurity and Artificial Intelligence:

  • Maintain advanced knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the emergence of new attacks and threat vectors.
  • Recommend and implement additional security solutions or enhancements to existing security solutions to improve overall enterprise security, leveraging Artificial Intelligence where applicable.
  • Oversee the deployment, integration, and initial configuration of new security solutions and enhancements to existing security solutions, ensuring adherence to GRC standards.

Operational Management:

  • Ensure up-to-date baselines for the secure configuration and operations of all in-place devices, ensuring compliance with GRC policies.
  • Monitor in-place security solutions for efficient and appropriate operations, with a focus on risk management.
  • Review logs and reports of in-place devices, interpreting implications for GRC compliance and devising plans for appropriate resolution.
  • Lead investigations into problematic activity and design and execute vulnerability assessments, penetration tests, and security audits.
  • Provide on-call support for end users and other IT staff for security-related issues, ensuring GRC adherence.

Qualifications

  • 5+ years of experience in configuring and maintaining network security tools.
  • Minimum 8 years of experience in information security governance, including policy and procedure development, security assessments, and incident response.
  • Proven expertise in Cybersecurity, Data Protection & Integrity, Privacy, and Artificial Intelligence.
  • Extensive experience in leading client audits and third-party supplier security assessments.
  • Experience in the legal, financial, or business services industries preferred.
  • Strong understanding of Access Control Management and familiarity with encryption tools and concepts.

Education & Certifications:

  • Bachelor's degree in computer science, cybersecurity, or a related field; advanced degree preferred, or equivalent work experience.
  • Relevant certifications such as CISSP, CISM, CompTIA Security+, CompTIA Network+, Microsoft Certifications, ITIL Foundations.

Leadership Skills:

  • Demonstrates outstanding leadership, teamwork, and client service, with the ability to lead security assessments and audits.
  • Ability to conform to shifting priorities, demands, and timelines in a high-pressure environment through analytical and problem-solving capabilities.

Communication Skills:

  • Translates technical details into descriptions the client can understand; adjusts content of written/verbal communication to the audience.
  • Adept at conducting research into security project-related issues and products, with a focus on GRC compliance.

Additional Requirements:

  • Ability to adapt to flexible work hours, travel occasionally, and respond to security-related issues on a 24x7 basis.
  • Coordinate multiple, simultaneous projects with multiple vendors and other firm personnel in a dynamic, evolving environment.

Who is Orrick? Orrick is a global law firm focused on delivering innovative solutions for four sectors: Technology & Innovation, Energy & Infrastructure, Finance and Life Sciences & HealthTech. Founded more than 150 years ago in San Francisco, Orrick today has offices in 25+ markets. We are recognized globally for delivering the highest-quality legal advice and for our culture of innovation and collaboration.

Compensation and Benefits

The expected salary ranges for this position:

  • California Major Markets* $128,000.00 - $180,000.00
  • New York City $143,000.00 - $180,000.00
  • National $116,000.00 - $148,000.00

* California Major Markets includes San Francisco, Silicon Valley, Los Angeles, Orange County, Santa Monica. All other California locations fall within National range.

Orrick is committed to providing a comprehensive, competitive, and thoughtful total compensation package to our attorneys and staff, wherever they work. This compensation and benefits information is based on Orrick's estimate as of the date of publication and may be modified in the future. The level of pay within the range will depend on a variety of job-related factors that may include, but are not limited to, qualifications, relevant experience or education, particular skills or expertise, and geography. Other compensation may include an annual discretionary merit bonus, which would be determined by Firm and individual performance.

We offer a full range of elective health benefits including medical, dental, vision and life; robust mental well-being programs; child, family, elder, and pet care benefits; short- and long-term disability and industry leading parental leave benefits, health savings account contributions (w/applicable medical plan), flexible spending accounts, and a 401K program. This role will receive compensated time off through our Flexible Time Off program and paid holidays.

Please visit www.orrick.com for more information about the firm.

How to Apply: If you are searching for a chance to create an impact, you have a little grit and you love working with a team, we want to talk with you. To submit your resume and cover letter for this position, please visit our Staff and Paralegal Opportunities Listings at www.orrick.com/Careers. Orrick accepts applications for this position on an ongoing basis, until filled.

We are an Equal Opportunity Employer.

Consistent with the SF Fair Chance Ordinance, an arrest and conviction record will not automatically disqualify a qualified applicant from consideration.

Qualified applicants with criminal histories will be considered for the position in a manner consistent with the requirements of the Los Angeles Fair Chance Initiative for Hiring.
