Information Security Manager - Law Firm

Published by Neal Fowler on April 11, 2024
Salary: £100-105k + Benefits + Sign-on Bonus 
Industry: Legal
Remote Working: Hybrid
Employment Type: Full-time
Location: Central London, United Kingdom

Job Responsibilities

  • Act as a deputy for the Head of Information Security.
  • In conjunction with the Head of Information Security, develop and implement information security policies, standards and documentation, ensuring compliance with all applicable legal or regulatory legislation.
  • Manage and facilitate governance meetings.
  • Manage cross-functional initiatives to deliver on risk goals, policies and procedures.
  • Experience delivering presentations and engaging with senior leadership.
  • Manage the Technology risk strategies that maintain the status of industry compliance across enterprise applications, MSPs and Cloud services that store, process and transmit firm data.
  • Research and evaluate emerging security threats and ways in which to manage and mitigate them.
  • Provide SME guidance for Information Security related audits and reviews.
  • Manage audit findings (internal, external and client driven) to ensure that business departments understand issues and that remediations effectively mitigate information security risks.
  • Manage the cyber incident management process and develop appropriate document repositories, policy documents, operational schedules and processes.
  • Drive and manage processes for reporting KPIs and other metrics in relation to risk, threats, vulnerabilities, compliance and performance.
  • Manage post-incident investigations and provide advice to address issues and/or amend procedures to enhance the Firm's information security protection.
  • Manage all security certifications to ensure compliance with applicable standards and regulations.

Skills Required

  • An experienced level of information security risk management knowledge.
  • Design, operation, and governance of industry-standard security control frameworks.
  • Experience managing and collaborating cross-functionally to identify and implement best practice risk processes.
  • Experience growing and motivating a team, coaching members through career milestones and progression.
  • Knowledgeable in technical and governance disciplines of information security, risk, audit and compliance.
  • Knowledge of Azure, encryption key management and cloud-based services such as M365 is essential.
  • Experience of operating in a similar role within the framework of and adhering to requirements of ISO27001 and Cyber Essentials Plus or similar standards.

This role offers hybrid working - 2 days WFH/3 days office based.
