Dechert LLP
DirectorofITSecurity&RiskManagement
Neural analysis suggests this role is
optimal for Director candidates.
“Director of IT Security & Risk Management at Dechert LLP. Skills: Information Security, Risk Management, Cybersecurity Governance. Lead global information security program. Develop forward-looking security strategy”
Industry & Context.
Risk mitigation strategies
What They're Looking For.
Must Have
Relevant BS / BA degree, 10+ years of experience in Information Security, 5+ years in a Security leadership role, Knowledge of enterprise data centers, Knowledge of network technologies, Knowledge of virtualization, Knowledge of unified communication, Knowledge of mobility, Experience with common security standards, Experience with risk frameworks, Knowledge of enterprise architecture, Knowledge of security architecture, Understanding of common commercial development technologies, Understanding of database technologies, Experience in developing security governance program, Experience in managing security governance program, Ability to operate independently, Ability to collaborate in teams, Written communication skills, Verbal communication skills
Nice to Have
Industry recognized security certifications, Legal industry knowledge, Legal industry awareness, Project management experience, Budget experience, Forecast experience
What You'll Do.
Lead global information security program
Develop forward-looking security strategy
Serve as trusted advisor
Establish security operating model
Manage information security budget
Plan program resources
Manage program roadmap
Design cybersecurity governance framework
Maintain cybersecurity governance framework
Develop security policies
Implement security policies
Maintain security policies
Develop security standards
Implement security standards
Maintain security standards
Develop security procedures
Implement security procedures
Maintain security procedures
Develop security guidelines
Implement security guidelines
Maintain security guidelines
Create risk-based control framework
Manage risk-based control framework
Support firm-wide risk assessments
Advise leaders on risk mitigation
Oversee incident identification
Oversee incident detection
Oversee incident response
Oversee incident management
Oversee incident recovery
Lead incident response plan development
Lead incident response plan maintenance
Lead incident response plan testing
Monitor external threat environment
Advise stakeholders on threats
Advise stakeholders on vulnerabilities
Advise stakeholders on mitigation actions
Ensure business-critical services resilience
Ensure services recoverability
Ensure security controls effectiveness
Embed security into projects
Embed security into system implementations
Embed security into operational processes
Embed security into technology change initiatives
Evaluate security technologies
Implement security technologies
Improve operational maturity
Establish baseline controls
Support asset inventories development
Support asset inventories maintenance
Partner with Procurement on contracts
Partner with General Counsel on contracts
Ensure security provisions in contracts
Ensure data protection in contracts
Support client security assessments
Support outside counsel guidelines
Support security due diligence requests
Define standards for client expectations
Maintain standards for client expectations
Define controls for client expectations
Maintain controls for client expectations
Define assurance practices for client expectations
Maintain assurance practices for client expectations
Build relationships with external peers
Build relationships with external partners
Build relationships with external vendors
Build relationships with industry groups
Lead security awareness program
Lead security training program
Establish security metrics
Establish security reporting
Measure program effectiveness
Identify security trends
Support decision-making
Recruit information security professionals
Develop information security professionals
Retain information security professionals
Foster accountability culture
Foster collaboration culture
Foster continuous improvement culture
How You'll Work.
Team & Collaboration
Partner with firm leadership; Partner with business services; Partner with technology teams; Partner with legal stakeholders; Partner with risk stakeholders; Collaborate in teams
Communication Scope
Written communication; Verbal communication
Process & Methodology
Program roadmap, Budget management
Full Job Description
The Director of Information Security is responsible for leading the firm’s global information security program and advancing a comprehensive, risk-based security strategy aligned with the firm’s business objectives, client obligations, and regulatory requirements. Reporting to the Chief Information and AI Officer, this role provides strategic and operational leadership across cybersecurity governance, risk management, security operations, incident response, security architecture, awareness, compliance, and third-party security. This leader partners closely with firm leadership, business services, technology teams, legal and risk stakeholders, and external partners to safeguard the confidentiality, integrity, and availability of the firm’s information assets, systems, and services. This role ensures security is embedded across the enterprise while enabling the business, protecting client trust, and supporting resilience in a complex global threat and regulatory environment. **_Job Description_** **ESSENTIAL JOB FUNCTIONS** : **Security Strategy and Leadership** * Lead the firm’s global information security program and develop a forward-looking security strategy aligned with business priorities, client expectations, and enterprise risk tolerance. * Serve as a trusted advisor to the CIO and firm leadership on cyber risk, security posture, investment priorities, and emerging threats. * Establish and maintain an effective security operating model that supports both day-to-day protection and long-term program maturity. * Manage the information security budget, resource planning, and program roadmap. **Governance, Risk, and Compliance** * Design and maintain a cybersecurity governance framework, including appropriate steering committees, reporting structures, and decision-making forums. * Develop, implement, and maintain security policies, standards, procedures, and guidelines across the firm. * Create and manage a unified, risk-based control framework that supports legal,
Applying for this Director of IT Security & Risk Management role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Dechert LLP?
Real rants from real employees. Read before you apply.