Cyber Security Compliance Manager - ISO 27001 (Boston) Job at Blue Bridge People, Boston, MA

  • Blue Bridge People
  • Boston, MA

Job Description

Cyber Security Compliance Manager - ISO 27001

This range is provided by Blue Bridge People. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

$155,000.00/yr - $175,000.00/yr

Additional compensation types

Annual Bonus

This is a direct hire role that would sit 2-3 days a week in the client's Boston or Washington DC offices.

About the Role:

We are seeking an experienced Information Security Compliance Manager with a background in professional services or law firm environments to lead compliance initiatives and oversee security audits. This role requires extensive expertise in ISO 27001 audits and will be a key driver in ensuring the firm’s security policies and risk management processes align with regulatory and client requirements. Working closely with the Director of Information Security, the selected candidate will play a strategic leadership role in safeguarding the firm’s data and technology infrastructure while maintaining compliance with client-mandated security standards.

Key Responsibilities:

  • Approve risk decisions and policy exceptions in coordination with the Director of Information Security, ensuring alignment with the firm’s security strategy.
  • Supervise the Cyber Security Compliance Analyst, guiding risk assessments, vulnerability management, security process audits, and compliance reporting.
  • Lead and oversee ISO 27001 audits, including internal assessments and firm-wide compliance efforts.
  • Manage client-driven cybersecurity audits and ensure adherence to security-related Outside Counsel Guidelines (OCGs).
  • Support information security governance within system development, covering production acceptance, change management, user administration, security logging, and secure workflow processes.
  • Administer the firm’s application security review process, ensuring new technology services comply with security policies.
  • Monitor and enhance security incident response processes, prioritizing and addressing security threats effectively.
  • Lead enterprise-wide security projects, implementing best-in-class security protections to safeguard firm and client data.
  • Act as a trusted cybersecurity advisor, fostering a culture of security awareness across the firm.
  • Provide professional client service, ensuring internal and external stakeholders receive clear, proactive communication regarding security policies and initiatives.
  • Take on additional responsibilities as needed to support the firm’s security and compliance objectives.

What You Will Bring:

  • Extensive experience with ISO 27001 audits and other major cybersecurity frameworks (NIST, SOC 2, etc.), preferably in a law firm or professional services environment.
  • Strong technical background in security risk management, compliance, and regulatory requirements for the legal industry.
  • Hands-on experience with cybersecurity tools, security logging, risk analysis, vulnerability management, and governance frameworks.
  • Proficiency in network security, databases, and enterprise system operations.
  • Exceptional ability to analyze risks, anticipate obstacles, and develop strategic security solutions.
  • Proven leadership experience in managing security teams and projects, with strong decision-making and communication skills.
  • Ability to influence senior leadership and collaborate with cross-functional teams on security compliance initiatives.

Required Qualifications:

  • Bachelor’s Degree in Cybersecurity, Computer Science, or a related technical field.
  • Security certification preferred (CISSP, CISM, CRISC, or equivalent).
  • Minimum 5 years of experience supporting information security in a law firm or professional services environment.
  • Supervisory experience within a cybersecurity organization.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Information Technology

Industries

Business Consulting and Services


Job Tags

Full time, 2 days per week, 3 days per week
