Global Security Engineer

Mayer Brown is a leading global law firm with offices in 22 key business centres across the Americas, Asia, Europe and the Middle East. We are uniquely positioned to advise leading companies and financial institutions on their most complex legal needs. We have deep experience in high-stakes litigation and complex transactions across industry sectors, including our signature strength, the global financial services industry.

We are a collegial, collaborative and diverse firm where highly motivated individuals with an unwavering commitment to excellence receive the opportunity, support and development they need to grow, thrive and realise their greatest potential. We also encourage all our people to use their skills to support the wider community through our pro bono and community volunteering programmes.  At Mayer Brown the principles of mutual respect, dignity and understanding are central to the way we work and help to provide an environment where diversity and inclusion are embraced.

• Ensures that Mayer Brown, LLP has a secure architecture for authorization and authentication internally, as well as business to business
• Ensures that all security risks are managed and communicated clearly and effectively
• Implement security architecture of the firm related to transition to cloud (e.g., Azure, Teams/O365 and iManage Cloud)
• Develops and maintains all documentation related to Global Security Team operations and functions
• Ensures that information is openly communicated and shared with other members of the team
• Ensures that objectives are achieved by working closely with all members of the Firm departments as necessary and in collaboration with the Global Director of Information Security and Global Security team
• Ensures that change controls are adhered to and communicated to the partners and staff
• Keeps abreast of all specific security issues
• Analysis of data collected from established Data Loss Prevention system(s) and methods to ensure compliance with Firm policies
• Manages DLP systems and processes as required
• Assists in defining DLP policies to protect firm and client assets
• Defines incident response workflow for DLP positive hits
• Develops metrics for measuring effectiveness of the DLP solution
• Assists in the preparation, approval, implementation and adherence of the Information Security Policies within the Firm
• Manages projects and tasks related to the Firm as directed by the Global Assistant Director of Information Security
• Detects and responds to all incidents of an information security nature within the Mayer Brown environment
• Maintains and coordinates incident response planning, assisting in execution of the incident response plan as needed
• Identifies and communicates to management the cause of all information security incidents, making recommendations as to how the specific incidents can be mitigated in the future
• Controls access to the Firm’s Information Systems and related security configuration
• Participates fully in all efforts to develop security policies to meet client or other compliance requirements
• Ensures monitoring and alert notifications are implemented in accordance with the business needs
• Assist in preparing and completing risk assessments for vendors, projects, and systems.
• Assists in the development and authorization process of all new IT policies introduced, ensuring that the necessary security audits and tests are carried out prior to being introduced into production
• Manages the review of the security program by an approved independent party and ensure any gaps are addressed
• Monitors methods of physical data security, such as the storage of backup media, and propose/implement any changes where necessary
• Ensures whenever possible that undesirable use of IT facilities is prevented/minimized at all times
• Educates Mayer Brown’s employees in the benefits of security to the organization, themselves and their working environment
• Collaborates with other staff in IT to ensure that security standards are developed and enforced in implementing or upgrading firm technology
• Keep Security Awareness site on Global Net updated with current material
• Perform investigations as requested by Human Resources, Information Technology or General Counsel executing searches and producing output as required by the Firm
• Plan for Business Continuity and Disaster Recovery
• Performs other duties as assigned or required to meet Firm goals and objectives
• Willing to travel 20% domestically / internationally

• Bachelor’s degree in a related field.  An equivalent combination of education and/or experience may be considered in lieu of the degree when the experience has been directly related to the functions of the job
• CISSP or CEH certification preferred
• 5 years of experience in an Information Security department
• Excellent working knowledge of CISSP, CEH required
• Excellent knowledge of the ISO 27002 standard preferred
• Excellent working knowledge of networking and security standards required
• Good documentation skills and authentication methods experience required
• Excellent knowledge of a network/firewall security preferred
• Good knowledge of Disaster Recovery preferred
• Strong technical knowledge of cloud environments such as Azure/O365
• Familiarity with DLP incident handling, remediation, and reporting
• Proficiency in Microsoft Office products
• Experience in securing AI-driven systems and leveraging AI tools.
• Familiar with Microsoft Defender for Endpoint, CyberArk, Rapid7, Palo Alto and SIEM products is a plus
• Strong written and verbal communication skills, able to communicate and negotiate effectively and in a professional manner with all levels of the Firm and outside vendors
• Ability to work in a diverse team environment and effectively support the demanding needs of the Firm
• Ability to work under pressure, meet deadlines with shifting priorities
• Must be a self-starter with a high level of initiative
• Strong customer service skills, able to anticipate needs and exercise independent judgment
• Strong attention to detail, organizational skills and the ability to handle multiple projects
• Maintains confidentiality and exercises discretion
• Exercises solid strategic thinking and problem-solving skills
• Ability to weigh business needs against security concerns and articulate issues to customers and management
• Willingness to challenge the status quo
• May require occasional lifting of up to 20 lbs.