Logo for Baker Botts

Client & Vendor Risk Manager

Role overview

Qualifications

  • 6+ years of experience in information security, vendor risk management, compliance, or legal-industry operations
  • Deep understanding of security frameworks and standards (SOC 2, ISO 27001, NIST CSF, HIPAA, GLBA, state privacy laws)
  • Strong communication skills, including ability to brief partners and respond to client security teams
  • Professional certifications such as CTPRA, ISO 27001 Lead Implementer or Lead Auditor and CISSP, CISM, CRISC, or CISA

Responsibilities

  • Own and mature the firm-wide client and vendor due-diligence program
  • Serve as the firm's subject-matter expert on information-security controls during client audits and reviews
  • Lead complex vendor-risk assessments for high-impact technology and service providers
  • Monitor emerging risks and regulatory developments relevant to the legal industry

About the company

Baker Botts logo

Baker Botts

Baker Botts is an international law firm whose lawyers practice throughout a network of offices around the globe. Based on our experience and knowledge of our clients' industries, we are recognized as a leading firm in the energy, technology and life sciences sectors. Since 1840, we have provided creative and effective legal solutions for our clients while demonstrating an unrelenting commitment to excellence. For more information, please visit bakerbotts.com.

Company details

Company size1001 - 5000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

ABOUT BAKER BOTTS

Baker Botts is a leading international law firm recognized for its deep understanding of the industries it serves. With offices across major global markets, the firm delivers sophisticated legal services while cultivating a collaborative, inclusive culture where both attorneys and professional staff contribute to client success and organizational excellence.

ABOUT THE ROLE

The Information Security Client & Vendor Risk Manager leads the firm’s client due diligence program and oversees all information security vetting for third party vendors across the firm. This role requires deep expertise in security frameworks, strong risk‑assessment judgment, and the ability to influence senior stakeholders, including internal stakeholders, and client security teams. The Manager acts as a key liaison between the firm’s clients, internal leadership, IT Security, Procurement, and Risk Management, ensuring the firm meets the heightened expectations of our clients.

WHAT YOU'LL DO

Primary Responsibilities

  • Own and mature the firm‑wide client and vendor due‑diligence program, ensuring consistency, accuracy, and alignment with the firm’s security posture and regulatory obligations.
  • Serve as the firm’s subject‑matter expert on information‑security controls, certifications, and risk posture during client audits, RFPs, and reviews or client engagement terms.
  • Lead complex vendor‑risk assessments for high‑impact technology and service providers, including review of SOC 2 reports, ISO 27001 certifications, penetration‑test results, cloud‑security controls, data‑protection, privacy, and retention practices.
  • Develop and maintain the firm’s vendor‑risk management framework, including risk‑scoring methodologies, onboarding workflows, and continuous‑monitoring processes.
  • Partner with Procurement, IT, and Office of General Counsel to evaluate vendor contracts, negotiate security requirements, and recommend risk‑mitigation strategies.
  • Prepare the firm for client audits and regulatory reviews, coordinating evidence collection, documentation, and SME participation across multiple departments.
  • Represent the firm in client‑facing security discussions, including responding to escalated inquiries from corporate counsel, privacy officers, and client security teams.
  • Monitor emerging risks and regulatory developments relevant to the legal industry (e.g., SEC cybersecurity rules, state privacy laws, international data‑transfer requirements).
  • Mentor junior analysts and contribute to the professional development of the broader Risk and Compliance team.
  • Drive continuous improvement, identifying opportunities to streamline due‑diligence workflows, enhance tracking and remediation of client-identified risks, and strengthen the firm’s security posture.

Additional Responsibilities

  • Provide management with periodic reports & briefings on evolving topics within their area of responsibility.
  • Other related projects and duties as assigned by the Director of Information Security.

WHAT YOU'LL BRING

Required

  • 6+ years of experience in information security, vendor risk management, compliance, or legal‑industry operations, ideally within an Am Law 200 firm or similarly regulated environment.
  • Deep understanding of security frameworks and standards (SOC 2, ISO 27001, NIST CSF, HIPAA, GLBA, state privacy laws).
  • Experience conducting or leading vendor‑risk assessments for enterprise‑level technology providers.
  • Strong communication skills, including the ability to brief partners, respond to client security teams, and translate technical concepts for non‑technical audiences.
  • Demonstrated ability to work independently, manage sensitive information, and lead cross‑functional initiatives in a high‑pressure environment.
  • Professional certifications such as CTPRA, ISO 27001 Lead Implementer or Lead Auditor and CISSP, CISM, CRISC, or CISA required.
  • Experience with legal‑industry technologies (DMS, e‑discovery platforms, cloud‑based practice‑management tools) is a plus.

HOW YOU'LL WORK

Extent of Contact

This position requires contact with individuals within the firms as follows:

  • Daily contact with staff from the Firm’s Information Technology, Client Development and Office of the General Counsel teams.
  • Moderate contact with Firm’s attorneys and client representatives.
  • Occasional contact with Firm Management.

This position requires contact with individuals outside the firm as follows:

  • Moderate contact with Firm vendors or potential vendors.
  • Moderate contact with Firm clients

Physical Requirements

  • Must be able to routinely lift and carry event materials and other items up to 10 pounds.
  • Must be able to work at a computer for extensive periods of time.
  • Position requires extensive telephone use.
  • Must be able to lift, squat, kneel and bend.
  • Position requires the ability to visit face-to-face and on the phone with firm lawyers.

Working Conditions and Environment

  • Position is full-time and requires a five-day work week and standard hours as outlined in the Firm policy manual. Additional hours, including weekend and evening hours may be required to perform the essential functions of the job.
  • Must be able to perform essential duties of the position with time constraints and frequent interruptions. 
  • Ability to work well in high pressure environments.
  • 24x7 communication access is required.
  • This position is fully remote. You will be required to come to the office periodically for team meetings or when there is a business or client need.
  • There is potential for travel when needed for team meetings, onsite assessments etc. when there is a business or client need.
  • When working remotely, you must have secure and reliable internet service and a safe, private workspace from which to work.

Baker Botts L.L.P. is an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, gender, sex, age, religion, creed, national origin, citizenship, marital status, sexual orientation, disability, medical condition, military and veteran status, gender identity or expression, genetic information, or any other basis protected by federal, state, or local law.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Risk Manager Related jobs

Other jobs at Baker Botts

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.