Career Center

ABOUT JENNER & BLOCK

• Manages the firm’s Information Security Management System (ISMS) according to the ISO 27001 standard, including preparing the firm for all audits and maintaining certification.
• Manages the firm’s Privacy Information Management System (PIMS) according to the ISO 27701 standard, including preparing the firm for all audits and maintaining certification.
• Develops, tests, documents, evaluates, tracks and improves information security controls for all information technology resources, applications, privacy and security protocols.
• Develops and tracks security metrics to monitor Information Security program performance.
• Implements security audit guidelines and workflow process, testing the capability, reliability and effectiveness of the firm's security systems, applications, protocols and procedures.
• Manages periodic risk assessments, risk treatment plans, and completion of risk treatment activities.
• Collaborates with appropriate stakeholders to document and implement necessary policies and procedures to comply with ISO 27001 standards and to maintain certification.
• Reviews and manages security requirements in third-party guidelines and agreements.
• Works with appropriate personnel to respond to client generated security assessments.
• Coordinates the firm’s Vendor Risk Management program to ensure firm vendors meet the firm’s security and confidentiality requirements.

• Undergraduate degree in computer science, information technology, related subject matters or equivalent work experience.
• Knowledge of information security controls and standards, particularly ISO 27001/27002
• Knowledge of privacy frameworks, particularly ISO 27701, rules and regulations related to privacy (e.g., HIPAA, GDPR) .
• 5+ years in an information security and / or privacy role, preferably in a law firm or other environment involving critical data and confidentiality management requirements.
• Experience managing people, processes and security privacy programs.
• General knowledge of enterprise security technologies, including SIEM, IDS/IPS systems and firewalls, antivirus, enterprise vulnerability scanning and testing, data at rest encryption technologies, etc.
• Experience managing and responding to audits and other tests of security controls, developing audit plans and procedures, and reporting the results of such audits.
• Experience writing/developing security / privacy policies and procedures.
• CISSP, CISM, CRISC, CISA, GIAC, or other security certifications desired.
• Strong analytical and problem solving skills.
• Excellent communication (oral, written, presentation), interpersonal and consultative skills.
• Able to work independently, self-directed.

COVID-19 VACCINATION PROTOCOL

Jenner & Block LLP requires all US employees be documented as fully vaccinated. Exemption requests related to a medical or pregnancy contraindication, or a sincerely held religious belief, will be reviewed and considered dependent on the firm's ability to provide an accommodation without undue hardship. The firm will not allow negative COVID-19 test results in lieu of verification of full vaccination.

Jenner & Block LLP is an equal opportunity employer. Recruitment and employment decisions are not made on the basis of an individual’s race, color, creed, religion, national origin, ancestry, citizenship status, age, non-disqualifying physical or mental disability or medical condition, genetic information, sexual orientation, sex, gender identity and/or expression, pregnancy, childbirth, breastfeeding or related medical conditions, arrest record, matriculation, personal appearance, political affiliation, marital, parental, veteran, military, or order of protection status, or any other protected status or that of their relatives, friends, or associates.