Director of IT Security & Risk Management

  • Dechert
  • Philadelphia, Pennsylvania
  • Full Time
The Director of Information Security is responsible for leading the firm's global information security program and advancing a comprehensive, risk-based security strategy aligned with the firm's business objectives, client obligations, and regulatory requirements. Reporting to the Chief Information and AI Officer, this role provides strategic and operational leadership across cybersecurity governance, risk management, security operations, incident response, security architecture, awareness, compliance, and third-party security.

This leader partners closely with firm leadership, business services, technology teams, legal and risk stakeholders, and external partners to safeguard the confidentiality, integrity, and availability of the firm's information assets, systems, and services. This role ensures security is embedded across the enterprise while enabling the business, protecting client trust, and supporting resilience in a complex global threat and regulatory environment.

Job Description

ESSENTIAL JOB FUNCTIONS:

Security Strategy and Leadership

  • Lead the firm's global information security program and develop a forward-looking security strategy aligned with business priorities, client expectations, and enterprise risk tolerance.
  • Serve as a trusted advisor to the CIO and firm leadership on cyber risk, security posture, investment priorities, and emerging threats.
  • Establish and maintain an effective security operating model that supports both day-to-day protection and long-term program maturity.
  • Manage the information security budget, resource planning, and program roadmap.

Governance, Risk, and Compliance

  • Design and maintain a cybersecurity governance framework, including appropriate steering committees, reporting structures, and decision-making forums.
  • Develop, implement, and maintain security policies, standards, procedures, and guidelines across the firm.
  • Create and manage a unified, risk-based control framework that supports legal, regulatory, contractual, and client-driven requirements across jurisdictions.
  • Partner with stakeholders across IT, General Counsel, Privacy, Procurement, and Business Continuity to ensure alignment and consistent application of security controls.
  • Support firm-wide risk assessments and advise leaders on risk mitigation strategies within the firm's risk appetite.

Security Operations and Incident Response

  • Oversee the firm's ability to identify, detect, respond to, manage, and recover from cybersecurity incidents.
  • Lead the development, maintenance, and testing of incident response plans, playbooks, and procedures.
  • Monitor the external threat environment and advise stakeholders on relevant threats, vulnerabilities, and mitigation actions.
  • Help ensure business-critical services are resilient and recoverable in the event of a security incident.
  • Partner with technology teams to ensure security controls are effective across infrastructure, cloud platforms, applications, networks, endpoints, identity, and data.

Security Enablement and Architecture

  • Ensure security is embedded into projects, system implementations, operational processes, and technology change initiatives.
  • Evaluate and implement modern security technologies and practices to strengthen the firm's capabilities and improve operational maturity.
  • Help establish standards and baseline controls across the firm's technology environment.
  • Support development and maintenance of asset inventories, including cloud services, third-party hosted systems, and critical information assets.

Client, Vendor, and Commercial Security Support

  • Partner with Procurement and General Counsel to ensure appropriate information security and data protection provisions are included in vendor and third-party contracts.
  • Support responses to client security assessments, outside counsel guidelines, audits, RFPs, and security due diligence requests.
  • Help define and maintain the standards, controls, and assurance practices necessary to meet firm and client expectations.
  • Build and maintain relationships with external peers, partners, vendors, and industry groups to stay informed on trends, incidents, and best practices.

Security Awareness and Team Leadership

  • Lead the firm's security awareness and training program for employees, contractors, and approved system users.
  • Establish meaningful security metrics and reporting to measure effectiveness, identify trends, and support decision-making.
  • Recruit, develop, and retain a high-performing and diverse team of information security professionals.
  • Foster a strong culture of accountability, collaboration, and continuous improvement across the security function and broader organization.

INTERACTIONS AND CHALLENGES

Works under the general supervision of the Chief Information and AI Officer.

QUALIFICATIONS / KSAs

  • Knowledge and experience with enterprise data centers, network technologies, virtualization, unified communication, mobility
  • Experience and knowledge of common security, standards and risk frameworks
  • Knowledge of enterprise architecture and security architecture
  • Understanding of common commercial development and database technologies
  • Experience in developing and managing a security governance program
  • Ability to operate independently and collaborate in teams to achieve desired outcomes
  • Self-motivated and highly productive
  • Strong written and verbal communication skills

Required

  • Relevant BS / BA degree
  • 10+ years of experience in Information Security including 5+ years in a Security leadership role

Desired

  • Industry-recognized security certifications (CISSP, CISA, CISM)
  • Legal industry knowledge and/or awareness
  • Project management, budget and forecast experience

Additional Job Description

Location(s)

Philadelphia

Time Type

Full time

Dechert LLP is committed to ensuring equal employment opportunity and non-discrimination. The Firm prohibits unlawful discrimination in any term or condition of employment against any employee or applicant for employment because of the individual's race, color, creed, religion, sex, age, marital status, national origin, ancestry, citizenship, sexual orientation, gender identity or expression, genetic information, disability, membership or service in the armed forces, or any other characteristic protected by law.

Job ID: 523321873
Originally Posted on: 6/2/2026
