Director - IT Operations and Security

Buchanan Ingersoll & Rooney is a national law firm with a proven reputation for providing progressive, industry-leading legal, business, regulatory and government relations advice to our regional, national and international clients. 

We are searching for a Director of IT Operations & Security in our Pittsburgh location. The Director of IT Operations and Security at Buchanan is a high-level leadership role that requires significant experience in managing enterprise technology operations and a strong background in IT infrastructure and information security. The Director reports to the Chief Information Officer and works closely with other senior leaders and managers within IT and in other departments to oversee complex strategic and operational technology initiatives.

The Director's main responsibilities include analyzing and collaborating across departments to maximize stability, efficiency and productivity of the Firm’s technology investments. The Director establishes strategic goals for the development of the firm's application and network infrastructure, with an emphasis on improving efficiency and productivity, in support of the Firm’s strategy. Additionally, the Director is responsible for the firm's information security program, ensuring that it is continuously developed and prepared to maintain an exceptional security posture.

• →General
  • →Lead the IT Security, Infrastructure, and Operations teams, setting strategic direction and operational priorities.
  • →Collaborate with department and firm leadership to align IT infrastructure, security, and IT service strategies with business objectives.
  • →Regularly communicate with stakeholders to provide updates on IT initiatives, gather feedback, and ensure alignment with business objectives.
  • →Working with the CIO, develop and implement IT policies and procedures, ensuring compliance with industry best practices and regulatory requirements, including data privacy and security regulations.
  • →Working with the CIO and other IT leadership, manage the IT budget, forecasting and tracking expenses, and making recommendations for cost savings. Own budgetary planning and execution in areas of responsibility.
  • →Provide leadership, guidance, and mentoring to staff, promoting a culture of continuous improvement and professional development.
  • →Stay current with emerging technologies and industry trends and make recommendations for how the firm can leverage these to gain a competitive advantage.
  • →As a member of the IT leadership team, co-own the IT innovation program and help drive awareness and adoption of existing solutions as well as identification and vetting of new use-cases.
• →Security/GRC
  • →Lead the firm's security efforts, including the development, implementation, and maintenance of security protocols and practices across all aspects of the firm's technology infrastructure.
  • →Own the enterprise security strategy/roadmap, with measurable objectives and KPIs (e.g., risk reduction, control maturity).
  • →Conduct risk assessments and vulnerability analyses (e.g. penetration testing and RBRA), responding proactively to emerging threats and incidents.
  • →Maintain and mature a risk management program (risk register, treatment plans, exception process).
  • →Maintain ISO27001 and ISO27701 certifications. Identify value-add opportunities to expand GRC certifications.
  • →Oversee the organizational security awareness program.
  • →Work with the Office of General Counsel and Manager – Information Security to respond to client audits and to address client-driven and other internal and external security and compliance requirements.
• →Infrastructure, Collaboration, and Endpoint Management
  • →Own the hybrid cloud/core infrastructure strategy and target architecture; prioritize modernization (IaC, observability, SRE practices) and tech debt reduction.
  • →Develop and implement disaster recovery and business continuity plans to ensure the availability of critical systems and data in the event of an outage or other disruption.
  • →Define service strategies and quality targets for network, compute/storage/virtualization, identity/SSO, and UC; align with Collaboration and Security.
  • →Own enterprise collaboration platforms (e.g., Microsoft 365/Teams, SharePoint/OneDrive) and unified communications/telephony, including roadmap, reliability, and adoption.
  • →Oversee meeting room/AV ecosystems (hardware standards, room profiles, monitoring, firmware lifecycles) and measure meeting/call quality (MOS, drop rates, latency)
  • →Evaluate and recommend new technologies and tools to enhance the firm's technology infrastructure, operations, and security posture.
  • →Set the endpoint strategy and multi‑year roadmap across Windows/macOS/mobile and any VDI, approving standards, hardening baselines, and device governance.
  • →Define Digital Employee Experience (DEX) objectives and KPIs; review telemetry regularly and sponsor cross‑team remediation initiatives.
• →Operations
  • →Oversee the day-to-day operations of the IT department, ensuring that all systems and services are operating efficiently and securely.
  • →Drive continuous operational improvement and implement automation strategies to enhance overall efficiency and effectiveness of IT operations.
  • →Cultivate and sustain strong vendor relationships, overseeing contract negotiation, performance management, and ensuring vendors meet agreed-upon service levels.

• Bachelor's degree in Computer Science, Information Systems, or related field. A master's degree is preferred.
• At least 10 years of experience in IT operations and security, with at least 5 years in a leadership role.
• Experience in a law firm or other professional services environment is preferred.
• Strong technical skills across a range of hardware, software, and networking technologies.
• Deep knowledge of enterprise-level security practices, including security frameworks such as ISO 27001/27701, NIST, or SOC 2.
• Excellent communication skills, both written and verbal, with the ability to communicate complex technical concepts to non-technical stakeholders.
• Strong leadership skills, with the ability to inspire and motivate a team to achieve goals and objectives.
• Knowledge of regulatory requirements and industry best practices related to IT operations and security.
• Strong problem-solving skills, with the ability to think creatively and strategically to solve complex technical issues.
• Strong project management skills, with the ability to lead projects from inception to completion on time and within budget.
• Experience with incident response and threat detection, including the ability to develop and execute security incident response plans.
• Relevant industry certifications, such as CISSP, CISM, or CISA, are preferred.

Buchanan Ingersoll and Rooney PC offers outstanding benefits that include:

• Hybrid Schedule
• Insurance – Medical, Dental, Vision
• 401K Program
• Retirement Savings Program
• Generous Paid Time Off
• Paid Holidays including a floating holiday
• WorkWell wellness program
• Free use of building gym
• Caregiving assistance with Bright Horizons (child, elder, and pet care!)
• Firm-wide emergency assistance fund
• Free full access to LinkedIn Learning

We are an Equal Opportunity Employer.