Key skills
Cyber SecurityITSMServiceNowAnalyticsLeadershipRisk ManagementDecision MakingCollaboration
About this role
Role Overview
- Managing a small team to work closely with senior leaders across IT, Security Engineering, General Counsel, and firm leadership to shape how risk is understood, measured, and managed
- Lead the development of executive-level reporting on IT risk, compliance posture, and operational performance
- Build and evolve KPI/KRI dashboards that provide real-time visibility into risk trends and control effectiveness
- Translate complex IT and security data into meaningful insights for decision making
- Ensure adherence to IT policies, standards, and leading frameworks (e.g., NIST, ISO 27001)
- Own and evolve the firm’s IT risk register and Risk & Control Self-Assessment (RCSA) program
- Identify emerging and systemic risks across IT, security, privacy, and operational processes
- Partner with General Counsel, Security, and IT to lead internal investigations
- Oversee governance and reporting across the IT Service Management (ITSM) ecosystem
- Analyze incident, change, and problem management data to identify trends and improvement opportunities
- Drive workflow optimization and automation within ServiceNow
- Review and advise on vendor agreements and enhance vendor risk processes
- Identify opportunities to streamline processes, enhance reporting, and improve governance
- Introduce data-driven approaches to risk management and operational oversight
- Perform related duties as assigned or directed by supervisor
- Maintain compliance with all firm policies and procedures
Requirements
- Bachelor's degree preferred
- Seven years of experience in IT risk, security compliance, technology audit, or IT governance preferred
- Experience operating in complex, regulated environments (e.g., law firms, financial services, consulting) preferred
- Proven ability to lead reporting, analytics, and governance initiatives
- Familiarity with ServiceNow and ITSM reporting including understanding of incident, change, and problem management lifecycles
- Experience with security and collaboration platforms such as Microsoft 365, Purview and email security tools
- Working knowledge of frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001 and SOC 2
- Strong understanding of control design, risk registers, RCSA programs, and audit response
- Basic understanding of privacy regulations
- CISA, CISSP, CRISC, CTPRM and/or ITIL preferred
Tech Stack
- Cyber Security
- ITSM
- ServiceNow
Benefits
- Highly competitive salary and benefits package
- Discretionary year-end merit bonus based on performance