Enterprise Security Compliance Manager

Latham & Watkins is one of the world’s leading global law firms advising the businesses and institutions that drive the global economy. We are the market leaders in major financial and business centers around the world. Our investment in people, commitment to innovation, and focus on the future empower you to build an incredible career and thrive as an exceptional professional in a supportive culture. If you aspire to be the best, and work with the best, this is where you belong.

The Enterprise Security Compliance Manager is an integral part of Latham’s Global Security & Risk Management team. This role will be responsible for managing the firm’s security compliance activities focused on third-party vendors, while overseeing the firm’s vendor audit and third-party access review processes, including but not limited to cloud service providers, and engaging in a risk-based approach to determine the depth of each audit, leading the audit, working closely with the Contract Review, Information Governance, and other teams, and providing a recommendation to management based on the results. This role will be located in our Global Services Office in Downtown Los Angeles. Please note that this role may be eligible for a flexible working schedule that allows for a hybrid and in-office presence. 

Other key responsibilities include:

• Organizing and conducting meetings of the firm’s Third Party Access Security Review Team, coordinating the assessment of vendors, and leveraging team members’ expertise in the vendor review process
• Arranging third-party penetration tests and vulnerability testing by identifying and negotiating with vendors, scheduling testing, and following up on results delivery
• Reviewing firm contracts as part of the firm’s contract review process to assess and recommend adjustments that serve to minimize security risk in firm agreements
• Supporting the client security review process on an overflow basis, from Intake through Closure, by identifying all necessary internal stakeholders based on the request (e.g., security survey, audit, review), assembling relevant and appropriate documentation, drafting responses, scheduling and leading calls/meetings, and communicating follow-up activities
• In coordination with the Information Security Officer, evaluating the results of internal and external system vulnerability scans, and arranging necessary internal follow-up to facilitate agreement regarding any recommended remediation items
• Tracking agreed security remediation efforts from vulnerability tests, etc., and with the support of the Information Security Office and others, ensuring successful disposition of each item
• Working to enhance the confidentiality, integrity, and availability of data at the firm, regardless of form
• Maintaining information security documentation and assisting in the development of security policies and procedures
• Serving as subject matter expert for information security principles and practices (especially as they pertain to vendors and cloud security) and promotes a culture of security throughout the firm
• Protecting and maintaining any highly sensitive, confidential, privileged, financial, and/or proprietary information that Latham & Watkins retains 
  

We’d love to hear from you if you:

• Exhibit well-developed and professional interpersonal skills and the ability to interact effectively with clients, vendors, and colleagues at all organizational levels
• Demonstrate strong communication skills, both written and verbal
• Possess strong analytical skills, including effectively defining problems and identifying solutions

And have:

• A bachelor's degree or diploma of higher education; equivalent experience in Security and Technology may be considered in lieu of a degree
• A bachelor’s degree in Information Systems, Computer Science, Engineering, or a related field, preferably
• A recognized security certification, preferably
• A minimum of five (5) years of experience in information security
• A minimum of ten (10) years of experience working in information technology
• A minimum of two (2) years of experience applying project management concepts
• Experience working in a law practice office, preferably

Successful candidates will not only be provided with an outstanding career opportunity and welcoming environment, but will also be provided with a generous total compensation package with bonuses awarded in recognition of both individual and firm performance. Eligible employees can participate in Latham’s comprehensive benefit program which includes:

• Healthcare, life and disability insurance
• A generous 401k plan
• At least 11 paid holidays per year, and a PTO program that accrues 23 days during the first year of employment and grows with tenure
• Well-being programs (e.g. mental health services, mindfulness and resiliency, medical resources, well-being events, and more)
• Professional development programs
• Employee discounts
• Affinity groups, networks, and coalitions for lawyers and staff

Latham & Watkins is an equal opportunity employer. The Firm prohibits discrimination against any employee or applicant for employment on the basis of race (including, but not limited to, hair texture and protective hairstyles), color, religion, sex, age, national origin, sexual orientation, gender identity, veteran status (including veterans of the Vietnam era), gender expression, marital status, or any other characteristic or condition protected by applicable statute.

Latham & Watkins LLP will consider qualified applicants with criminal histories in a manner consistent with the City of Los Angeles Fair Chance Initiative for Hiring Ordinance (FCIHO)​.  Please click the link below to review the Ordinance.

Pleaseclick hereto review your rights under U.S. employment laws.

#MidSenior #LI-JN1