Director of Information Security
Job Description
Manatt, Phelps & Phillips LLP (www.manatt.com) is a multidisciplinary, integrated national professional services firm known for quality and an extraordinary commitment to clients. The Firm’s groundbreaking hybrid approach brings together under one roof legal services, advocacy and business strategy. Our multidisciplinary teams collaborate across market-leading practices in health care, financial services, entertainment, digital & technology, and energy, environmental and real estate, tackling complex business challenges with a unique blend of policy insight, legal excellence, and commercial acumen. The firm has eleven offices across the United States, with over 500 attorneys and consulting professionals and more than 350 business and administrative professionals.
Manatt, Phelps & Phillips, LLP is seeking a strategic and operationally adept Director of Information Security to lead and mature the firm's information security program. This is a critical leadership role at a pivotal moment as Manatt accelerates its cloud transformation, expands its AI capabilities, and evolves its enterprise technology infrastructure.
Reporting directly to the Chief Information Officer, the Director of Information Security will serve as the firm's senior security leader, responsible for protecting client data, firm assets, and regulated information — including PHI — across Manatt's legal, business consulting, and healthcare advisory practices. This individual will own the strategy, governance, and execution of the firm's information security program across all domains: risk and compliance, security architecture, incident response, and security operations.
Key Responsibilities:
Security Strategy & Leadership
- Develop, maintain, and execute a firm-wide information security strategy aligned to Manatt's business objectives, growth agenda, and risk appetite.
- Serve as the primary security advisor to the CIO, COO, executive leadership, and firm governance bodies; present security posture and program updates to senior stakeholders and the board as required.
- Build and lead a high-performing information security team, including hiring, mentoring, and professional development.
- Define and manage the information security program budget, balancing investment in tooling, staffing, and managed services.
Risk Management & Compliance
- Own the firm's information security risk management program, including risk assessment, treatment, and continuous monitoring.
- Ensure compliance with applicable legal and regulatory frameworks including HIPAA/HITECH, state privacy laws, ABA cybersecurity guidelines, and client security requirements.
- Lead responses to client security questionnaires, RFPs, and third-party audits; serve as the primary security point of contact for client due diligence inquiries.
- Oversee vendor and third-party risk management, including security assessments of key technology partners and service providers.
Security Architecture & Engineering
- Provide security leadership and oversight for the firm's cloud transformation and data center migration initiatives, including Azure cloud security architecture and governance.
- Establish and enforce security standards and controls aligned to CIS Benchmarks and industry best practices across endpoint, network, cloud, and application layers.
- Partner with IT and engineering teams to embed security into the system development lifecycle, AI/LLM adoption initiatives, and enterprise technology deployments.
- Oversee the implementation and management of security tooling including endpoint protection, SIEM/SOAR, identity and access management, DLP, and vulnerability management.
Security Operations & Incident Response
- Lead the firm's security operations function, ensuring 24/7 threat monitoring, detection, and response capabilities.
- Own the incident response program, including playbooks, tabletop exercises, and coordination with legal, HR, and executive leadership during security events.
- Manage relationships with external security partners, MSSPs, and legal counsel in connection with security incidents and breach notification obligations.
- Oversee vulnerability and patch management programs in coordination with IT operations.
AI Security & Emerging Threats
- Advise on and govern the secure adoption of AI and generative AI tools, including LLM-based legal technology platforms, ensuring appropriate data handling, access controls, and residency requirements.
- Stay abreast of the evolving threat landscape as it pertains to professional services, legal, and healthcare-adjacent industries; translate threat intelligence into actionable program improvements.
Security Awareness & Culture
- Lead the firm's security awareness and training program, fostering a security-conscious culture across attorneys, business professionals, and leadership.
- Partner with HR and firm management to communicate policies and expectations around acceptable use, data handling, and security hygiene.
Required Skills & Expertise:
- Bachelor’s or Master’s degree in Computer Science, Information Systems, Data Management, or related field.
- 10+ years of progressive information security experience, with at least 3 years in a senior leadership role.
- Demonstrated experience leading enterprise security programs in a professional services, legal, consulting, or similarly regulated environment.
- Deep knowledge of security frameworks and standards including NIST CSF, CIS Controls, ISO 27001, SOC 2, and HIPAA security rule requirements.
- Hands-on experience with Microsoft Azure security architecture, including Defender for Cloud, Entra ID (Azure AD), Sentinel, and related tooling.
- Strong understanding of endpoint, network, identity, and cloud security domains.
- Proven ability to communicate complex security topics to non-technical executive and board-level audiences.
- Experience managing and responding to cybersecurity incidents, including coordination with legal counsel and regulatory notification obligations.
- Bachelor's degree in Computer Science, Information Systems, or related field — or equivalent professional experience.
Preferred
- CISSP, CISM, or equivalent advanced security certification strongly preferred.
- Experience in law firm or Big 4 / professional services security environments.
- Familiarity with legal technology platforms, matter management systems, and document management systems (e.g., iManage, NetDocuments).
- Experience with AI/LLM security governance, including evaluation of legal AI tools and data residency controls.
The base annual pay range for this role is between $210,000-$250,000. The base pay offered will vary depending on skills, qualifications, experience and location, and will also take into account internal equity. A full range of medical, financial and/or other benefits, dependent on the position, will also be offered.
EEO/AA EMPLOYER/Veterans/Disabled
Manatt is an equal opportunity employer, dedicated to a policy of non-discrimination in employment on any basis including race, color, physical or mental disability, religion, creed, national origin, citizenship status, ancestry, sex or gender (including gender identity, gender expression, status as a transgender or transsexual individual, pregnancy, childbirth, or related medical conditions), age (over 40), genetic information, past, current, or prospective service in the uniformed services, sexual orientation, political activity or affiliation, and any other class or characteristic protected under applicable federal, state, or local law. Consistent with the Americans with Disabilities Act, applicants may request accommodations needed to participate in the application process.