Overview:
Mayer Brown is an international law firm positioned to represent the world’s major corporations, funds, and financial institutions in their most important and complex transactions and disputes. We are recognized by our clients as strategic partners with deep commercial instincts and a commitment to creatively anticipating their needs and delivering excellence in everything we do.
We are a collegial, collaborative firm where highly motivated individuals with an unwavering commitment to excellence receive the opportunity, support, and development they need to grow, thrive, and realize their greatest potential all while supporting the Firm’s client service principles of excellence, strategic partnership, commercial instinct, integrated strengths, innovation, and collaboration across our international firm.
If you enjoy working with team members whose defining characteristics are exceptional client service, initiative, professionalism, responsiveness, and adaptability, you may be the person we are seeking to join our Information Technology department in our Chicago, Salt Lake City, or Los Angeles office, as a Lead Engineer: Information Security.
The Lead Engineer: Information Security will implement and maintain various technologies to ensure the security of the Firm’s systems. Will be responsible for providing technical leadership for strategic projects and initiatives on the security roadmap, as well as participating in more general network security and architectural efforts. Will also collaborate with other engineers and departments to apply and support best practices for security, server building, change management, account management, documentation, data loss prevention and user experience management.
Responsibilities:

EDUCATION/TRAINING/CERTIFICATIONS:

• Bachelor’s degree in a related field. An equivalent combination of education and/or experience may be considered in lieu of the degree when the experience has been directly related to the functions of the job
• CISSP or CEH certification preferred

PROFESSIONAL EXPERIENCE:

• 5+ years of experience in an Information Security department

TECHNICAL SKILLS:

• Excellent working knowledge of CISSP, CEH required
• Excellent knowledge of the ISO 27002 standard preferred
• Excellent working knowledge of networking and security standards required
• Good documentation skills and authentication methods experience required
• Excellent knowledge of a network/firewall security preferred
• Good knowledge of Disaster Recovery preferred
• Strong technical knowledge of cloud environments such as Azure/M365/O365
• Familiarity with DLP incident handling, remediation, and reporting
• Proficiency in Microsoft Office products
• Experience in securing AI-driven systems and leveraging AI tools.
• Familiar with Microsoft Defender for Endpoint, Thales, CrowdStrike Falcon and SIEM, CyberArk, Rapid7, and Palo Alto is a plus

Performance Traits:

• Strong written and verbal communication skills, able to communicate and negotiate effectively and in a professional manner with all levels of the Firm and outside vendors
• Ability to work in a diverse team environment and effectively support the demanding needs of the Firm
• Ability to work under pressure, meet deadlines with shifting priorities
• Must be a self-starter with a high level of initiative
• Strong customer service skills, able to anticipate needs and exercise independent judgment
• Strong attention to detail, organizational skills and the ability to handle multiple projects
• Maintains confidentiality and exercises discretion
• Exercises solid strategic thinking and problem-solving skills
• Ability to weigh business needs against security concerns and articulate issues to customers and management
• Willingness to challenge the status quo

PHYSICAL REQUIREMENTS:

• Willing to travel 20% domestically / internationally
  The typical pay scale for this position in Chicago is between $120,000 and $159,000, in Salt Lake City between $117,000 and $154,000, and in Los Angeles between $127,000 and $168,000 although the actual wage or salary could be lower or higher if the candidate’s education, experience, skills and internal pay alignment are different from those specified.
  The above is a general description of the essential duties associated with this position and does not represent an exhaustive or comprehensive list of all duties.
  The Firm may modify and amend this job description at any time at its sole discretion. Nothing herein creates a contract of employment or otherwise modifies the at-will nature of employment.
  We offer competitive compensation and comprehensive benefits, including medical/dental/vision/life/and AD&D insurance, 401(k) savings plan, back-up childcare and eldercare, generous paid time off (PTO), as well as opportunities for professional development and growth.
  Thank you for your interest in Mayer Brown. We are committed to providing equal opportunity and reasonable accommodations to applicants and employees with disabilities and disabled veterans. To request a reasonable accommodation related to the application process and/or job interview, please email uslateralrecruiting@mayerbrown.com. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

• Ensures that Mayer Brown, LLP has a secure architecture for authorization and authentication internally, as well as business to business
• Implements security architecture of the firm related to transition to cloud (e.g., Azure/M365, Teams/O365 and iManage Cloud)
• Ensures that all security risks are managed and communicated clearly and effectively
• Develops and maintains all documentation related to Global Security Team operations and functions
• Ensures that information is openly communicated and shared with other members of the team
• Ensures that objectives are achieved by working closely with all members of the Firm departments as necessary and in collaboration with the Assistant Director: Global Information Security & Senior Director: Global Information Security, CISO and Global Information Security
• Ensures that change controls are adhered to and communicated to the partners and staff
• Keeps abreast of all specific security issues
• Analysis of data collected from established Data Loss Prevention system(s) and methods to ensure compliance with Firm policies
• Manages DLP systems and processes as required
• Assists in defining DLP policies to protect firm and client assets
• Defines incident response workflow for DLP positive hits
• Develops metrics for measuring effectiveness of the DLP solution
• Assists in the preparation, approval, implementation and adherence of the Information Security Policies within the Firm
• Manages projects and tasks related to the Firm as directed by the Assistant Director: Global Information Security
• Detects and responds to all incidents of an information security nature within the Mayer Brown environment
• Maintains and coordinates incident response planning, assisting in execution of the incident response plan as needed
• Identifies and communicates to management the cause of all information security incidents, making recommendations as to how the specific incidents can be mitigated in the future
• Controls access to the Firm’s Information Systems and related security configuration
• Participates fully in all efforts to develop security policies to meet client or other compliance requirements
• Ensures monitoring and alert notifications are implemented in accordance with the business needs
• Assists in preparing and completing risk assessments for vendors, projects, and systems
• Assists in the development and authorization process of all new IT policies introduced, ensuring that the necessary security audits and tests are carried out prior to being introduced into production
• Manages the review of the security program by an approved independent party and ensure any gaps are addressed
• Monitors methods of physical data security, such as the storage of backup media, and propose/implement any changes where necessary
• Ensures whenever possible that undesirable use of IT facilities is prevented/minimized at all times
• Educates Mayer Brown’s employees in the benefits of security to the organization, themselves and their working environment
• Collaborates with other staff in IT to ensure that security standards are developed and enforced in implementing or upgrading firm technology
• Keeps Security Awareness site on Global Net updated with current material
• Performs investigations as requested by Human Resources, Information Technology or General Counsel executing searches and producing output as required by the Firm
• Contributes to Business Continuity and Disaster Recovery
• Performs other duties as assigned or required to meet Firm goals and objectives
  Qualifications: