Job Description - Director of Security and Compliance in Los Angeles, CA

Director of Security and Compliance

Ref: US_EN_6_914737_1464130

Posted on 16 September 2022

At Modis, we use our insight, knowledge, and global resources to make exceptional connections every day. With 60 branch offices located strategically throughout North America, we are positioned perfectly to deliver the industry's top talent to each of our clients. Clients choose Modis as their workforce partner to solve staffing challenges that range from locating hard-to-find niche talent to completing quick-fill demands.

Position: Manager of Governance, Risk and Compliance (GRC)

Type: Full-time

Salary: DOE

Location: Los Angeles, CA (Onsite 2 days per week)

Manager of Governance, Risk and Compliance (GRC)

Position Summary:

As a valued member of the Information Security team, you will join a highly skilled and motivated team of Information Security professionals as part of Technology Services.

As the world shifts into Industry 4.0 (Fourth Industrial Revolution or 4IR), technological changes are about more than just efficiency: AI, Machine Learning, Natural Language Programming, advanced robotics, and a blurring of the lines between the physical, digital, and biological worlds. This change is forcing the legal industry, which has typically lagged behind technological advancement, to catch up rapidly. In addition, the Cloud, our clients, and new competition (Big Four and Alternative Legal Services Providers) are forcing the industry to adapt to remain relevant.

Much of this shift also creates new risks and gaps in the traditional Legal security model. As systems evolve and adopt a new architecture to take advantage of these technology changes, so must the Security architecture and controls tied to our frameworks. Cloud (SaaS, PaaS, IaaS, UCaaS, etc.) is a big part of this change. It must be considered while keeping a sharp eye on the User Experience and Legal Technology Operations, which reshape modern law practice.

The qualified individual will manage our ISO 27001 and 27017 compliance and policies, coordinate and assess compliance audits, respond to client assessments, manage vendor risk assessments and outside counsel guidelines, and perform other security-related tasks. A big part of managing our Security frameworks is ensuring they align with our Security controls, which requires this individual to work alongside and establish a strong relationship with our Security and Enterprise Architect(s).

This position will report to the Chief Information Security Officer (CISO).

Essential Functions:

  • Facilitate risk and governance program activities, such as risk assessments, risk exceptions, risk ratings, business risk consultations, and risk mitigation/remediation recommendations
  • Manage, develop, audit, and enforce security-related policies and procedures.
  • Manage outside client guidelines (OCGs) for quick reference of Security, Privacy, and other IT notification requirements of the client per the OCGs, e.g., Cloud
  • Manage and review infrastructure technology vendor contracts and vendor risk assessments.
  • Partner with Data Privacy and Information Security to determine and maintain an inventory of all regulatory, client, and organizational technology compliance requirements.
  • Research and maintain a view of American Bar Association (ABA) and local/state guidelines pertaining to security, privacy, and data.
  • Contribute to Security Incident Response planning, documentation, and continuous improvement.
Education, Experience, and other skills:

  • Previous ISO 27001 audit experience desired.
  • Previous law firm experience is highly desired.
  • Must possess excellent oral and written communication skills and experience communicating with all levels of management
  • Must be a team player and ready to work as a cohesive group.
  • Must be adaptable and able to work in a changing environment
  • Must be detail-oriented, thorough, and well organized
  • Must be self-motivated, able to take direction, and be responsible for the end work product
  • Must be a practical, logical, and critical thinker with an ability to solve problems
  • Experience with IT security, compliance, risk, and privacy frameworks such as ISO 27001 and 27017, NIST, ABA, and local/state regulatory guidelines.
  • Experience in GRC activities: Participating in audit lifecycle, regulatory examinations, and remediation of open issues, especially with ISO 27001
  • Experience with Information Security for Identity and Access Management is preferred
  • Experience with Microsoft compliance and security as well as Cloud (Azure, M365, E5, and other Security related services and tools).
  • Proficiency in Microsoft Word, Excel, and PowerPoint is required.
  • Knowledge of network security principles, best practices and industry standards.
  • Knowledge of security models that maintain and enforce security policies.
  • Knowledge of security tools and concepts, including: IDS/IPS; SIEM; Web Proxy; Encryption; Patch management; Vulnerability Scanning & Remediation; Forensics; Penetration Testing; DLP; Email Gateways; Anti-spam Services; MDM; Privileged Account Management; Log Analytics; Multi-Factor Authentication; Single Sign On; Antivirus; M365; Azure IaaS and PaaS.
  • Project management experience
  • Bachelor’s degree preferred or equivalent work experience

Equal Opportunity Employer/Veterans/Disabled

To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate to

The Company will consider qualified applicants with arrest and conviction records
