Information Security Lead

Full-Time | £70,000 - £90,000 / year (est.) | Home office (partial)
Charles Russell Speechlys LLP

At a Glance

  • Tasks: Lead the Information Security function and ensure compliance with regulations and policies.
  • Company: Dynamic law firm prioritising security and governance in a collaborative environment.
  • Benefits: Hybrid working, competitive salary, and opportunities for professional growth.
  • Other info: Flexible working approach tailored to role requirements.
  • Why this job: Make a significant impact on information security strategy and governance.
  • Qualifications: 8-12+ years in Information Security with strong governance leadership experience.

The predicted salary is between £70,000 and £90,000 per year.

To act as the senior deputy to the Head of Information Security, providing strategic leadership, governance oversight, and operational assurance across the Information Security function. This role deputises in the absence of the Head of Information Security and leads the firm’s security governance, regulatory compliance, and executive reporting activities.

Strategic & Governance Leadership

  • Deputise for the Head of Information Security at ITLT, OpCom, RiskCom and Advisory Board as required.
  • Define, maintain and mature the Information Security Strategy aligned to Technology Directorate and firm objectives.
  • Establish governance mechanisms to ensure effective security oversight.
  • Own annual review and update of Information Security Terms of Reference.
  • Ensure security roles, responsibilities and training plans are defined and maintained.

Regulatory & Policy Oversight

  • Own the Information Security Policy framework and supporting standards.
  • Ensure mapping of regulatory and industry standards (e.g. GDPR, ISO 27001) to firm policies.
  • Oversee annual policy attestation and compliance reporting.
  • Lead audit readiness and regulatory engagement.
  • Ensure all information security risks are documented, escalated and managed appropriately.
  • Oversee third‑party security assessment programme (regulatory and client‑driven).
  • Provide executive‑level reporting on security posture, risk exposure and compliance status.
  • Maintain evidence framework demonstrating compliance and traceability.
  • Support management of Information Security budget.
  • Oversee business case development for security initiatives.
  • Manage programme demand and prioritisation across the InfoSec portfolio.

Other

  • Comply with all relevant legal and regulatory obligations including the Solicitors Regulation Authority (SRA) Standards and Regulations, and Principles.

Person Specification

  • 8–12+ years in Information Security, with governance leadership experience.
  • Strong knowledge of ISO 27001 and GDPR; law firm or regulated professional services environment preferred.
  • Experience presenting to executive committees.
  • Strong commercial and financial awareness.
  • Ability to operate at both strategic and tactical levels.

Hybrid working - We adopt a hybrid and flexible working approach, dependent on the requirements of the role and subject to manager approval.

Information Security Lead employer: Charles Russell Speechlys LLP

As an Information Security Lead, you will join a forward-thinking firm that prioritises employee growth and development within a collaborative and inclusive work culture. With a strong commitment to strategic leadership and regulatory compliance, the company offers a hybrid working model that promotes work-life balance while providing opportunities for professional advancement in the dynamic field of information security.

Contact Details:

Charles Russell Speechlys LLP Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land the Information Security Lead role

Tip Number 1

Network like a pro! Reach out to your connections in the Information Security field and let them know you're on the lookout for opportunities. Attend industry events or webinars to meet potential employers and get your name out there.

Tip Number 2

Prepare for interviews by brushing up on your knowledge of ISO 27001 and GDPR. Be ready to discuss how you've applied these standards in your previous roles. We want you to showcase your expertise and strategic thinking!

Tip Number 3

Don’t just wait for job postings to come to you. Actively search for roles on our website and apply directly. Tailor your application to highlight your governance leadership experience and how it aligns with the firm's objectives.

Tip Number 4

Follow up after interviews! A quick thank-you email can go a long way in keeping you top of mind. Use this opportunity to reiterate your interest in the role and mention any key points from the conversation that you found particularly engaging.

We think you need these skills to ace the Information Security Lead role

Strategic Leadership
Governance Oversight
Operational Assurance
Information Security Strategy
Regulatory Compliance
Executive Reporting
Information Security Policy Framework

Some tips for your application 🫡

Tailor Your CV: Make sure your CV speaks directly to the role of Information Security Lead. Highlight your experience in governance leadership and your knowledge of ISO 27001 and GDPR. We want to see how your background aligns with our needs!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're the perfect fit for this role. Share specific examples of your strategic leadership and operational assurance experience. We love a good story that showcases your skills!

Showcase Your Achievements: When detailing your experience, focus on your achievements rather than just responsibilities. Quantify your successes where possible, like improvements in security posture or compliance rates. We appreciate numbers that tell a story!

Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of applications and ensures you don’t miss any important updates. Plus, it’s super easy – just a few clicks and you’re done!

How to prepare for a job interview at Charles Russell Speechlys LLP

Know Your Stuff

Make sure you brush up on your knowledge of ISO 27001 and GDPR, as these are crucial for the role. Be ready to discuss how you've applied these standards in previous positions, especially in a regulated environment.

Showcase Your Leadership Skills

Prepare examples that highlight your governance leadership experience. Think about times when you've led teams or projects, particularly in security oversight or compliance reporting, and be ready to share these stories.

Understand the Business

Familiarise yourself with the firm's objectives and how the Information Security function aligns with them. This will help you demonstrate your strategic thinking and commercial awareness during the interview.

Prepare for Executive Conversations

Since you'll be presenting to executive committees, practice articulating complex security concepts in a clear and concise manner. Consider how you would report on security posture and risk exposure to non-technical stakeholders.