Job Description
Information Security Manager
Overview
Reporting to the Director of Information Technology, the Information Security Manager is responsible for implementing, maintaining, and advancing the Firm’s information security program. This role combines information security leadership with system engineering expertise and provides escalation support for the IT Help Desk team.
Key Responsibilities
Security Governance & Compliance
- Ensure compliance with industry standards and regulations through regular audits and reporting on Microsoft 365 security configurations.
- Facilitate Information Security Committee meetings, preparing memos and reports.
- Lead the Firm to obtain SOC 2 certification by developing and updating security policies, procedures, and standards, and driving their implementation.
Microsoft 365 Security Management
- Configure and manage security features across Microsoft 365, including Azure Active Directory, Microsoft Defender for Identity, and Microsoft Defender for Office 365.
- Implement and enforce identity and access management controls, including Multi-Factor Authentication (MFA) and conditional access policies.
Threat Detection & Incident Response
- Collaborate with security vendors (e.g., CrowdStrike) to optimize systems and enhance threat detection and response capabilities.
- Lead incident response efforts, conduct forensic analysis, and prepare post-incident reports to ensure continuous improvement.
User Awareness & Training
- Partner with the training team to develop and deliver security awareness programs, promoting best practices across the Microsoft 365 environment.
Collaboration & IT Support
- Work closely with internal IT staff and outsourced security teams to integrate Microsoft 365 and other security measures into the broader organizational security strategy.
- Act as a technical escalation point for the IT Help Desk team, providing after-hours support when required.
- Monitor system patching, backups, and continuity processes, ensuring optimal performance and reliability.
Technology & Project Management
- Plan, coordinate, and execute complex technology projects.
- Identify problem trends, recommend solutions, and research emerging technologies.
- Recommend and support hardware/software solutions, including HP servers, workstations, laptops, printers, and peripherals.
Requirements
- Law firm IT and security experience required.
- 10+ years of experience in a professional services or corporate environment.
- Proven ability to make sound decisions in high-pressure situations.
- Strong leadership, teamwork, analytical, and problem-solving skills.
- Excellent communication skills across all organizational levels.
- Highly organized with strong attention to detail; able to thrive in a fast-paced, evolving environment.
- Experience supporting multiple office locations remotely.
- Ability to plan, organize, and track tasks for self and team.
- Willingness to travel occasionally for business purposes.
- Ability to lift and carry up to 50 pounds when necessary.
Technical Requirements
- Bachelor’s degree in Information Technology, Computer Science, or related field, or equivalent experience.
- Proven expertise as a Microsoft 365 Security Specialist or similar role.
- In-depth knowledge of Microsoft 365 security features, tools, and administration.
- Experience with threat detection, incident response, and security compliance frameworks.
- Strong understanding of identity and access management principles.
- Relevant certifications such as Microsoft SC-900 or equivalent.
- Experience preparing policies and evidence for SOC 2 and ISO certifications.
- Hands-on experience with Microsoft Azure, VMware, Windows Server, CrowdStrike, and related security tools.
- Solid hardware knowledge, including support of HP servers, workstations, laptops, printers, and peripherals.