Security Architect

Dinsmore is seeking a Security Architect at our Cincinnati, OH location who will provide strategic direction and day-to-day management of Dinsmore’s security policies and compliance requirements. Responsibilities include the input and execution to implement security measures that protect Dinsmore’s assets. This role must stay up to date on the latest intelligence and cyber-attack methodologies.

Responsibilities

• Ensure the Firm has a secure architecture for authorization and authentication
• Assist in fortifying business to business exchanges to ensure legal transactions and client communications are reliable and secure
• Provide guidance on security best practices and settings with regard to the Firm’s cloud migration
• Manage the preparation, execution and remediation of various security and risk assessments
• Track and report on KPIs and metrics with regard to the Firm’s security solutions and processes
• Manage the Firm’s MSSP provider and SIEM solution
• Participate in compliance reviews and requests for mutually approved artifacts
• Review and monitor firm systems to verify established security baselines
• Perform security incident reviews, execute appropriate documentation and recommend and implement remediation action plans when required
• Development of strategic, long term security architecture road map
• Recommend and ensure proper implementation of new security solutions
• Management of existing security tools
• Consult on security best practices and appropriate settings for all new IT solutions throughout the Firm’s network and work with other members of the department to ensure ongoing security reviews of existing technology
• Create and monitor standardized internal processes to ensure security controls are consistent with overall security position of the Firm
• Align the Firm’s cloud migration and existing and ongoing network development to zero trust architecture con
• Help ensure the security aspects of end user and equipment provisioning needs are enforced
• Participate in education efforts of Firm employees to include but not limited to: dangers related to viruses and malware, denial of service attacks, internet usage best practices, external actors, phishing, and threats from internal employees and employee turnover issues
• Execute defined audit and compliance activities that address security, privacy and risk
• Ensure all security risks are managed and communicated clearly and effectively
• Execute security reviews of proposed software, vendors and projects
• Monitor methods of physical data security such as the storage of backup media and propose/implement any changes where necessary
• Address issues of data security stored, transmitted and backed up
• Troubleshoot all network security and integrity issues
• Advise Firm of current threats and issues via available resources that include governmental and law enforcement agencies
• Ensure monitoring and alert notifications are implemented in accordance with the business needs
• Recommend and review departmental policies to ensure the necessary security audits and tests are carried out prior to being introduced into production
• Maintain working knowledge of various compliance needs and changes in various industries
• Work effectively with cross-functional team to identify areas for improvement as well as efficiency gains and create and own execution plans to drive the improvements
• Propose and lead improvements based on knowledge and practical application of security best practices, including but not limited to threat assessment, vulnerability prevention, compliance, and monitoring tools
• Collaborate with audit, compliance, risk and IT team members
• Identify and communicate to management the cause of all Security incidents, making recommendations as to how the specific incidents can be avoided in the future
• Provide subject matter expertise and advise Firm’s personnel of best practices
• Performs other duties as assigned

Requirements

• Proven ability to professionally handle confidential matters
• Inspire confidence from attorneys, staff and internal team
• Desire and drive to create strong relationships and collaboration with and outside of assigned team
• High degree of initiative, dependability and ability to work with little supervision
• Ability to set goals and prioritize tasks across working groups
• Excellent knowledge of network architecture and troubleshooting skills
• High attention to detail with strong planning, project management and organizational skills
• Ability to design, implement and/or manage projects performed by staff or outside contractors
• Demonstrate a passion for fast-paced technology and desire to continually build upon current skills
• Desire to explore, learn and apply new technologies independently and provide subject matter expertise in all areas of responsibility
• Demonstrated ability to provide outstanding written and verbal communication to explain technical issue to both technical and non-technical personnel
• Ability to be on call 24x7x365 when need arises and participate in overall monitoring efforts
• A bachelor’s degree in Information Systems Management, Computer Science, Engineering or related discipline or equivalent experience is preferred
• Five to ten years of similar experience, preferably in the legal industry
• One or more of the following certifications are required: CISSP, CCSP, CRISC, CEPT, or similar
• Superior organizational and documentation skills
• Working knowledge of various regulatory compliance standards such as ISO, NIST, HIPAA, HITECH, PCI

Equal Opportunity Employer