Information Security Lead

Dentons is designed to be different. Our firm leads the way in a rapidly changing legal marketplace. We challenge the status quo and deliver consistent results as well as uncompromising quality and value to our clients. Our global presence is renowned as a firm with over 21,000 individuals in more than 200 offices serving clients across 80+ countries. Dentons Canada is committed to its people and communities. We are consistently recognized as an employer of choice having received numerous awards including being selected as one of Canada’s Top 100 Employers (2024); Canada’s Top Employers for Young People (2024), and Canada’s Best Diversity Employers (2024). This role is an opportunity for you to join the world’s largest law firm, a firm that offers opportunities to build your career while growing your skills and deepening your expertise. ROLE Dentons Canada LLP is currently recruiting for an Information Security Lead who will be responsible for ensuring the security, integrity, and availability of Dentons Canada information assets. The candidate will contribute to the management and continuous improvement of multiple security programs. The position entails the development, implementation, and maintenance of security controls, through people, processes, and technology, across the organization. KEY RESPONSIBILITIES & ACCOUNTABILITIES Maintain operational oversight of security systems and security configuration administration to adequately respond to risk to enterprise systems and accounts, both on-premise and the cloud. Actively monitor, assess, and recommend tactical and strategic initiatives based on new and emerging threats. Prepare periodic reports to showcase the current security posture of our Information Security Program. Protect systems in compliance with Information security policies and standards in addition to recognized frameworks (ISO 27001, NIST, etc). Lead a team of Information Security professionals across multiple programs. Maintain secure, resilient enterprise-grade processes in tandem with various IT stakeholders, such as Information Security, IT Infrastructure, and Operations teams. In partnership with Business Services, ensure services are properly positioned within client RFP responses as well as aligning responses at a global level. Oversee regional internal and external client audits as it relates to IT security and compliance. Help develop, maintain, evaluate, and implement policies, standards, and procedures in line with both business requirements. Help ensure IT services are well aligned with security and information management guidelines. Security Operations and Incident Management Program Lead the implementation, configuration, and daily operation of Information Security technologies. Act as a key figure in incident response to track occurrence and resolution, with strict documentation and reporting as well as engagement within the department; and within the organization, from a technical standpoint. Orchestrate the incident response process within the department, and work with key stakeholders within the department to respond, resolve, and recover from the incident. Manage third-party security partners, ensure objectives are met, and work in partnership to continuously improve security operations processes. Act as an active participant within Incident Tabletop exercises. Streamline, mature, and automate (where applicable), the Incident Response playbooks and processes within the organization. Vulnerability Management Program Analyze threat and vulnerability feeds data for applicability to the environment and perform compensating controls analysis and validate the efficacy of existing controls and provide recommendations. Lead the team to perform security research, analysis, assessments, and support with penetration testing and remediation actions. Conduct vulnerability assessments to evaluate attack vectors, identify vulnerabilities, and develop remediation plans. Work with IT stakeholders to guide and assist them during the remediation process. Data Governance & Compliance Ensure that the following activities occur in accordance with Firm information security policies, including: Administer document classification audits and coordinate remediation activities. Help develop guidance, processes, and tools/controls to ensure Firm data is structured and secured appropriately. Help ensure data integrity of core client data across Firm systems. Advise on development and implementation of Information Security metrics, measurement criteria, and reporting to ensure compliance and continuous improvement. Perform periodic compliance reporting to provide assurance of coverage and effectiveness of controls. SKILLS & COMPETENCIES Strong written and oral communication skills. Strong stakeholder management skills and experience. Strong organizational skills with impeccable attention to detail. Strong situational analysis and decision-making skills, with experience balancing technical trade-offs. Demonstrates how to Act as One by being a team player across the Firm. Leads by example by modelling excellent customer service and leadership (demonstrating empathy, patience, attentiveness, and tenacity). Strong problem solving and analytical skills; can clearly explain and present problems and issues to others and contribute to their resolution. Ability to work under pressure and think clearly in challenging situations in a logical manner. Ability to be flexible in approach and be comfortable with a fluid organizational structure that requires both teamwork and self-sufficiency as necessary, with the ability to work under minimal supervision. Demonstrate initiative and the ability to be proactive, anticipating needs. Continues to develop leadership and technical skills. Flexibility to accommodate working in multiple time zones. EDUCATION, EXPERIENCE & CERTIFICATIONS Post-secondary education with a specialization in Information Technology and/or minimum of 8+ years of Information Technology experience in designing, developing, and maintaining IT cybersecurity solutions. 6+ years of experience in an Information Security related role with at least 3 years of experience in a management or functional lead capacity relating to information security & policy, preferably in a professional services environment. Experience assessing against standards and frameworks (ISO 27001/27002, ISO 15408, NIST Cybersecurity Framework). Strong understanding of cloud computing concepts, architecture patterns, and best practices. Experience in incident response. Familiarity with the MITRE ATT&CK framework. Experience with MS Sentinel, and Microsoft suite of security products, such as, but not limited to, Defender for Endpoint, Defender for Identity, Defender for cloud, etc. At least one relevant certification such as CISSP, CISM, or from GIAC/ISACA is required. #J-18808-Ljbffr