Remote Vendor Risk Management Jobs in Washington, DC

JOB SUMMARY

Redgrave LLP is seeking an Information Security Director to lead, mature, and scale a comprehensive, enterprise-wide information security program. This is an executive ownership role working at the intersection of legal technology, client trust, and emerging AI adoption. The ISD serves as the Firm\'s principal authority on cybersecurity, AI governance, data protection, and enterprise risk management — accountable for ensuring the confidentiality, integrity, and availability of Firm and client data across all systems, platforms, and emerging technologies.

This is a remote position with regular collaboration across time zones.

ESSENTIAL FUNCTIONS

Enterprise Security Governance

• Define and execute a Firm-wide cybersecurity strategy aligned with NIST CSF, NIST AI RMF 1.0, ISO 27001, and SOC 2 frameworks
• Own and continuously mature the Firm\'s Information Security Management System (ISMS)
• Lead ISO 27001 gap analysis and establish a roadmap toward certification
• Develop, maintain, and enforce security policies, standards, procedures, and governance structures
• Define and track key risk indicators (KRIs), metrics, and reporting frameworks

AI Governance & Emerging Technology Risk

• Serve as the Firm\'s executive owner of AI security and governance
• Design and implement a scalable AI governance framework, including acceptable use standards, risk-tiering criteria, and data handling controls
• Evaluate AI tools, platforms, plugins, and agentic workflows prior to deployment
• Monitor evolving AI risk vectors (e.g., prompt injection, data leakage, MCP connector trust boundaries)
• Maintain and govern the Firm\'s AI System Inventory

Vendor Risk Management

• Own the Firm\'s vendor risk management program, including intake, risk-tiering, assessment, and continuous monitoring
• Evaluate SOC 2 reports, DPAs, security questionnaires, and subprocessor disclosures
• Negotiate and maintain contractual security terms and data protection obligations with vendors
• Respond to client-driven vendor due diligence requests from regulated industries

Compliance & Audit

• Own the Firm\'s SOC 2 Type II program, including control maintenance, evidence collection, and auditor engagement
• Ensure alignment with ABA Formal Opinion 512, client contractual requirements, and applicable regulatory standards
• Manage cyber insurance processes, including underwriting submissions and renewal strategy

Security Operations

• Provide executive oversight of security architecture across Microsoft 365 and Azure
• Oversee Defender for Endpoint, Entra ID, Microsoft Purview, Conditional Access, and Secure Score
• Own and maintain the Firm\'s incident response program, including tabletop exercises and response coordination

Leadership & Reporting

• Serve as the Firm\'s primary cybersecurity advisor to executive leadership and the Management Committee
• Establish regular reporting on security posture, AI risk, vendor risk exposure, and program maturity
• Direct and mentor the Information Security Analyst and develop organizational security capability

QUALIFICATIONS

Required:

• 10+ years of progressive experience in information security, including leadership and program ownership roles
• CISSP (required); CISM or equivalent considered
• Demonstrated experience leading or scaling a security program; law firm or professional services preferred
• Strong experience with cloud security, vendor risk, and compliance frameworks
• Experience with SOC 2 programs and enterprise security tooling in Microsoft environments

Preferred:

• Experience with AI governance frameworks and emerging technology risk
• Experience leading ISO 27001 certification or gap analysis
• Familiarity with legal industry technologies and client expectations
• Experience in high-growth or rapidly scaling environments

PHYSICAL REQUIREMENTS

• Occasionally lifts objects up to 20 pounds
• Must be able to sit or stand for extended periods
• Occasional travel for project-related work may be required
• Work is generally performed in a home office (remotely) and in a traditional business setting

Redgrave LLP is committed to supporting our employees and ensuring their needs are met beyond the workplace. We offer a flexible portfolio of benefits and services, including medical, dental, and vision coverage, a 401(k) plan, additional benefits to help you prepare for retirement, free access to Employee Assistance Programs, and other programs designed to help you and your family stay healthy, feel secure, and enjoy a positive work/life balance.