Job Specifications
A growing legal services organization is seeking a security-focused technologist who can jump in quickly, tackle complex challenges, and thrive in a workspace built primarily around macOS systems. This role sits within the internal technology group and plays a key part in safeguarding confidential information, internal systems, and communication channels. The position supports both the main organization and its affiliated entities. We're looking for someone with strong technical instincts, a deep grasp of modern security practices, and the ability to anticipate issues before they surface.
What You’ll Take On
Perform ongoing reviews of the firm’s security posture, including vulnerability scans, risk evaluations, and related testing. Recommend and roll out improvements where needed.
Serve as the point person for external audits tied to potential security certifications.
Build, refine, and oversee the firm’s incident response processes. Lead investigations, coordinate remediation steps, and schedule/execute routine IRP exercises.
Maintain alignment with applicable privacy and regulatory requirements (such as HIPAA, GDPR, CCPA). Draft, revise, and reinforce internal security standards and guidelines.
Partner with outside monitoring providers (SOC, EDR, etc.) to track alerts, analyze activity, and prepare regular security summaries for leadership.
Lead staff training efforts to strengthen awareness and reduce avoidable security issues.
Manage endpoint protection tools and act as the subject-matter expert for all security-related applications.
Complete client security questionnaires and review outside counsel requirements as needed.
Work collaboratively with attorneys, IT professionals, and trusted vendors to embed proper security measures into systems, projects, and new technologies.
Ensure security tools and agents stay up to date through regular patching and maintenance cycles.
Assist with evaluating, designing, and maintaining security solutions such as firewalls, IDS/IPS, encryption configurations, antivirus tools, and access controls.
Participate in reviews of new and existing systems to verify they meet risk and compliance expectations.
Oversee the vendor security review process, ensuring third-party partners follow appropriate safeguards.
Support additional technology or security tasks as assigned.
What You Bring
Bachelor’s degree in IT, cybersecurity, or a related discipline—or comparable experience.
At least five years in a hands-on security engineering or similar cybersecurity role; experience in legal or financial services is beneficial.
Relevant credentials (CISSP, CISM, or similar) are advantageous.
Technical Background
Skilled with tools such as VPNs, firewalls, SIEM platforms, endpoint protection systems, and IDS/IPS technologies.
Solid understanding of encryption, secure development principles, and core network security protocols.
Knowledgeable about frameworks and regulations including GDPR, HIPAA, CCPA, and similar standards.
Awareness of common certification processes like ISO and SOC.
Strong analytical instinct with the ability to spot, interpret, and resolve potential vulnerabilities.
Comfortable explaining complex security topics to individuals without a technical background.
Detail-oriented and capable of balancing multiple initiatives at once.
Experience working with cloud environments—particularly Azure—and identity tools/MFA within Entra.
The Phoenix Group Advisors is an equal opportunity employer. We are committed to creating a diverse and inclusive workplace and prohibit discrimination and harassment of any kind based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. We strive to attract talented individuals from all backgrounds and provide equal employment opportunities to all employees and applicants for employment.