Information Security and Compliance Specialist

Description

Chisholm Chisholm & Kilpatrick (CCK) is a nationally recognized law firm committed to providing exceptional client service in the areas of Veterans Law, ERISA law, and Bequest Management. CCK is seeking an Information Security & Compliance Specialist to lead our information security and compliance program. The ISS will be responsible for developing, implementing, and overseeing policies and controls that ensure compliance with HIPAA data security requirements and SOC 2 Type II audit certification. This position requires both strategic thinking and hands-on execution, with strong cross-functional collaboration across IT, legal, operations, and client-facing teams.

Key Responsibilities:

Policy & Program Management

• Develop and maintain the firm’s Information Security Management Program (ISMP).

• Establish and enforce data governance and cybersecurity policies in accordance with HIPAA, SOC 2, and relevant state laws.

• Own documentation of controls, risk assessments, audit responses, and security-related protocols.

Compliance & Risk Management

• Lead regular risk assessments and threat modeling initiatives.

• Manage the SOC 2 Type II audit process, partnering with third-party auditors and internal stakeholders.

• Oversee HIPAA compliance, including breach notification protocols, security risk analysis, and access control.

Security Operations

• Monitor cloud platforms, email, file sharing, and endpoints for data security compliance.

• Implement and maintain tools such as SIEM, MFA, and endpoint protection solutions.

• Evaluate third-party vendors for security posture and compliance alignment.

Training & Awareness

• Deliver firm-wide HIPAA security training and ongoing security awareness initiatives.

• Foster a culture of compliance through education and stakeholder engagement.

Incident Response

• Respond to incidents as needed, including triage, containment, and remediation support.

• Maintain up-to-date knowledge of industry trends, emerging threats, and best practices.

Requirements

• Bachelor’s degree in information security, Computer Science, or a related field (Master’s preferred).

• Minimum 5 years of experience in an information security role, preferably within a law firm, healthcare, or highly regulated environment.

• Deep understanding of state data security laws and regulations, HIPAA data security requirements and experience preparing for or managing SOC 2 Type II audits.

• Familiarity with NIST, ISO 27001, or COBIT frameworks.

• Experience with security tools (SIEM, endpoint protection, DLP, MFA, etc.).

• Experience with the incident response life cycle.

• Excellent communication skills and ability to work with legal, technical staff and non-technical staff.

Preferred Certifications:

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified HIPAA Security Professional (CHSP) or equivalent

• SOC 2 implementation or auditing experience

Compensation & Benefits:

• Competitive salary based on experience

• CCK offers options for medical, dental, and vision insurance (including employer-paid medical insurance for the employee!) and other wellness benefits

• Gym membership reimbursement

• 15 days of PTO which increase to 20 days of PTO after 1 year plus 12 paid company holidays in 2025

• 35 Work from Home Days per year that can be used for any reason

• 401k matching

• Paid Parental Leave

#LI-CCK