Head of Information Security - Law Firm - City of London - Hybrid Working - 100-120k
Robert Half have partnered with a with a fast-growing UK Based Law firm. Over the past few years, they've over doubled in size and now employ over 600 people winning many industry awards along the way providing a fresh, modern, tech-driven focus to the legal sector.
The Role
The post holder will be responsible for the Firm's Information Security function and related functions, reporting to the CIO and subject to oversight from the firms General Council and DPO. The post holder will be responsible for managing the Firm's ISO, Cyber Essentials, GDPR compliance programmes and managing an on-going information security risk assessment program, as well as initiating and managing information governance initiatives.
Some of the responsibilities include:
- In conjunction with the CIO and the information security committee, develop and continuously improve the firm's information security strategy.
- Responsible for managing and maintaining certification as well as continuously improving the firms Integrated Management System (ISO 27001, ISO 22301, ISO 9001)
- Responsible for maintaining certification and continuously improving the firms Cyber Essential Plus programme
- Responsible for the on-going compliance with the UK GDPR Regulation in conjunction with the firms Data Protection Officers
- Line management responsibilities for the firms security analyst, including regular check-ins and annual appraisals
- Responsible for developing and managing the firm business continuity and disaster recovery programmes in line with ISO 22301 in conjunction with appropriate committees and the firms General Counsel.
- Responsible for managing and delivering a successful internal IMS audit programme
- Responsible for facilitating, managing and delivering successful external audits as required
- Responsible for managing the firms Information Security team and key information security suppliers.
- Responsible for managing and continuously improving the firms outsourced Security Operations Centre
- Responsible for chairing Information Security committee meetings and providing senior management with updates and advice as required.
- In conjunction with the Firm's General Counsel and CIO draft, review and update the firms Information Security policies and guidance notes.
- Responsible for security awareness training initiatives and communication plans to promote security awareness in the Firm.
Skills & Experience Required:
- We would expect the successful candidate to have a minimum of 3-5 years' experience in a similar role in a professional services environment
- Experience in the legal sector would be an advantage
- A further 3 - 5 years' experience in an Information Technology role, in a professional services environment
- The ability to grasp and apply complex new technologies quickly
- A good understanding of the regulatory framework constituted by the Data Protection Act, the GDPR and the SRA Guidelines, and any other regulatory framework to which the Firm may be or become subject
- All round technical understanding of IT systems
- A proven record of project delivery
- CISSP or CISM certified
- An ISO 27001 lead auditor accreditation would be an advantages
- A Project Management certification (Prince2, etc) would be an advantage
Hybrid Working, 2 days a week in brand new City of London Office
£100 - 120k Base, Discretionary Bonus, Benefits
Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: gb/en/privacy-notice
Security alert: scammers are currently targeting jobseekers. Robert Half do not ask candidates for a fee or request candidates to send applications through instant messaging services such as WhatsApp or Telegram. Learn how to protect yourself by visiting our website: gb/en/how-spot-recruitment-scams-and-protect-yourself