Information Security Governance Manager in Birmingham

Manage the security governance, risk and compliance activities within the Information Security Team. Work with wider governance functions to support the implementation and validation of security controls. Ensure that all obligations and certifications are met and that clients receive assurance regarding the security of the data that the firm holds for them. This role acts as a governance interface between teams within Information Security, Office of General Counsel, Risk & Resilience, and wider business functions through building relationships and assisting other teams in improving their security controls and the firm's security posture. Develop and improve the team's capabilities in response to changes in technology and business practices whilst keeping up to date with the latest security trends and capabilities.

Main Duties and Responsibilities

• Management: Management responsibility for a team of 4 people who deliver assurance of the firm's security controls, respond to client security queries and audits, input into client terms of business, and identify security risks. Responsible for ensuring that all processes and capabilities are scalable to meet the needs of the business and the demands of its clients.
• Governance, Control Assurance and Compliance: Maintain and evolve the information security policy suite, standards, baselines, and control library. Ownership of internal security compliance practices and controls within DLA Piper International, including ISO27001:2022, Cyber Essentials +, DISP, and other government mandated control frameworks. Ensure all certifications are completed successfully each year or audit period; lead on security risk management processes, ensuring they are integrated with wider enterprise risk management capabilities including KRIs. Provide clear security risk narratives and options to senior stakeholders. Design and run the control assurance programme (testing, monitoring, evidence collection). Coordinate internal/external audits (ISO 27001, Cyber Essentials +, DISP) and manage findings to closure. Track and report compliance posture, control coverage, and remediation progress. Accountable for external client audits and pitch responses, ensuring compliance with any security-related legislation or client requirements. Ensure that the firm's security controls are documented and integrated into the Information Security Management System and control framework. Define and publish security KPIs/KRIs, maturity metrics, and board-ready reporting. Ensure lessons learned from incidents feed into controls, policy, and security training. Ensure the team is focused on continual improvement in all its processes and that the needs of the business are being met in a timely manner.

About you: While not an in-depth technical role, it does require the ability to work with both technical and non-technical teams in the context of security. The role works closely with Security Architecture and Security Operations teams and has access to their expertise. Understanding of professional services organisations and the legal sector. Extensive experience of security standards and certifications including ISO 27001, Cyber Essentials, NIST CSF, and DISP. Experience of managing teams to ensure requirements are delivered on time. Ability to handle multiple priorities, working to sometimes conflicting timescales in a fast-paced and challenging environment. Ability to build trust and rapport to develop effective relationships, internally and externally. Pragmatic approach to responding to requirements and expectations from the wider business. Significant experience of managing security governance and compliance activities in a professional services organisation or other multinational business. Thorough understanding of risk management concepts and processes. Recent experience of cloud technologies and organisations making use of SaaS, PaaS, and IaaS services. Knowledge of business continuity standards, physical security, and wider operational risks are useful. Qualifications and certifications in information security, risk management, and audit are desirable such as 27001 Lead Implementer/Auditor, CISM, CISA, CRISC, or CISSP.

About us: We are a global law firm helping our clients achieve their goals wherever they do business. Our pursuit of innovation has transformed our delivery of legal services. With offices in the Americas, Europe, the Middle East, Africa, and Asia Pacific, we deliver exceptional outcomes on cross-border projects, critical transactions, and high-stakes disputes. At DLA Piper, we understand that inclusion is not a one-size-fits-all concept. We embrace and celebrate the range of perspectives, backgrounds, and experiences that each individual brings to our firm. By fostering a culture that welcomes and appreciates all aspects of our individuality, we ensure that everyone has the opportunity to succeed. Our commitment to inclusion and positive social impact enables us to provide exceptional service to our clients and communities while nurturing a unique and inclusive culture for all our people. We welcome the unique contribution that you will bring to our firm and actively encourage applications from all talented people - however your talent is packaged, whatever your background or circumstance, and regardless of how you identify. We are committed to being accessible and accommodating any reasonable adjustments needed throughout the recruitment process to ensure an inclusive experience for all. If you need any support or adjustments, please let us know. Where local legislation permits, we will conduct relevant pre-engagement screening checks prior to your first day.