Key Facts

Remote From:

Virginia (USA)

Category: IT Security Manager

Full time

Expert & Leadership (>10 years)

English

Hard Skills

Information Security Management Cyber Security Risk Management Data Security Vendor Management Microsoft 365 Microsoft Azure Endpoint Security Emerging Risk Legal Technology

Other Skills

•
Security Policies
•
Leadership
•
Mentorship
•
Collaboration

Roles & Responsibilities

10+ years of progressive experience in information security, including leadership and program ownership roles
CISSP (required); CISM or equivalent considered
Demonstrated experience leading or scaling a security program; law firm or professional services preferred
Strong experience with cloud security, vendor risk, and compliance frameworks

Requirements:

Define and execute a Firm-wide cybersecurity strategy aligned with NIST CSF, NIST AI RMF 1.0, ISO 27001, and SOC 2 frameworks
Own and continuously mature the Firm's Information Security Management System (ISMS)
Serve as the Firm's executive owner of AI security and governance
Own the Firm's vendor risk management program, including intake, risk-tiering, assessment, and continuous monitoring

Redgrave LLP

Law Practice

About Redgrave LLP

Redgrave LLP is one of the only law firms in the world focused exclusively on addressing complex legal challenges that arise at the intersection of law and technology. We call our practice “Information Law,” which encompasses eDiscovery, information governance, data privacy, and data security matters. Our team of lawyers and advisors have substantial law firm, in-house and vendor experience. This unique breadth of skills sets us apart and allows us to deliver the full range of strategic advice, counsel, and representation needed by those companies and individuals who face Information Law issues. We work collaboratively and proactively with our clients to understand their business objectives and enterprise information systems, as well as their individual legal circumstances. Leveraging this deep knowledge, we work with clients to reduce the risks and costs associated with all aspects of eDiscovery, information governance, and records management.To learn more, visit www.redgravellp.com

Company type: SME

Industry: Law Practice

Founded: 2018

Company size: 51 - 200

Website LinkedIn See all jobs →

Job description

Information Security Director Opportunity

JOB SUMMARY

Redgrave LLP is seeking an Information Security Director to lead, mature, and scale a comprehensive, enterprise-wide information security program. This is an executive ownership role working at the intersection of legal technology, client trust, and emerging AI adoption. The ISD serves as the Firm's principal authority on cybersecurity, AI governance, data protection, and enterprise risk management — accountable for ensuring the confidentiality, integrity, and availability of Firm and client data across all systems, platforms, and emerging technologies.

This is a remote position with regular collaboration across time zones.

ESSENTIAL FUNCTIONS

Enterprise Security Governance

Define and execute a Firm-wide cybersecurity strategy aligned with NIST CSF, NIST AI RMF 1.0, ISO 27001, and SOC 2 frameworks
Own and continuously mature the Firm's Information Security Management System (ISMS)
Lead ISO 27001 gap analysis and establish a roadmap toward certification
Develop, maintain, and enforce security policies, standards, procedures, and governance structures
Define and track key risk indicators (KRIs), metrics, and reporting frameworks

AI Governance & Emerging Technology Risk

Serve as the Firm's executive owner of AI security and governance
Design and implement a scalable AI governance framework, including acceptable use standards, risk-tiering criteria, and data handling controls
Evaluate AI tools, platforms, plugins, and agentic workflows prior to deployment
Monitor evolving AI risk vectors (e.g., prompt injection, data leakage, MCP connector trust boundaries)
Maintain and govern the Firm's AI System Inventory

Vendor Risk Management

Own the Firm's vendor risk management program, including intake, risk-tiering, assessment, and continuous monitoring
Evaluate SOC 2 reports, DPAs, security questionnaires, and subprocessor disclosures
Negotiate and maintain contractual security terms and data protection obligations with vendors
Respond to client-driven vendor due diligence requests from regulated industries

Compliance & Audit

Own the Firm's SOC 2 Type II program, including control maintenance, evidence collection, and auditor engagement
Ensure alignment with ABA Formal Opinion 512, client contractual requirements, and applicable regulatory standards
Manage cyber insurance processes, including underwriting submissions and renewal strategy

Security Operations

Provide executive oversight of security architecture across Microsoft 365 and Azure
Oversee Defender for Endpoint, Entra ID, Microsoft Purview, Conditional Access, and Secure Score
Own and maintain the Firm's incident response program, including tabletop exercises and response coordination

Leadership & Reporting

Serve as the Firm's primary cybersecurity advisor to executive leadership and the Management Committee
Establish regular reporting on security posture, AI risk, vendor risk exposure, and program maturity
Direct and mentor the Information Security Analyst and develop organizational security capability

QUALIFICATIONS

Required:

10+ years of progressive experience in information security, including leadership and program ownership roles
CISSP (required); CISM or equivalent considered
Demonstrated experience leading or scaling a security program; law firm or professional services preferred
Strong experience with cloud security, vendor risk, and compliance frameworks
Experience with SOC 2 programs and enterprise security tooling in Microsoft environments

Preferred:

Experience with AI governance frameworks and emerging technology risk
Experience leading ISO 27001 certification or gap analysis
Familiarity with legal industry technologies and client expectations
Experience in high-growth or rapidly scaling environments

PHYSICAL REQUIREMENTS

Occasionally lifts objects up to 20 pounds
Must be able to sit or stand for extended periods
Occasional travel for project-related work may be required
Work is generally performed in a home office (remotely) and in a traditional business setting

Benefits

Redgrave LLP is committed to supporting our employees and ensuring their needs are met beyond the workplace. We offer a flexible portfolio of benefits and services, including medical, dental, and vision coverage, a 401(k) plan, additional benefits to help you prepare for retirement, free access to Employee Assistance Programs, and other programs designed to help you and your family stay healthy, feel secure, and enjoy a positive work/life balance.