Senior Manager, IT Security - UK, EMEA in City of London

Efficient and effective IT systems are essential to the effective operation of a global law firm like Herbert Smith Freehills. The information technology team keeps our global team of lawyers and the supporting business services staff connected whether we're in the office or on the move. Information technology is responsible for everything information systems-related. That includes:

• Technical support: IT helpdesks, asset management (including laptops and mobile devices) and technical training
• Infrastructure: networks and systems, servers (real and virtualised), disaster recovery, business continuity and IT security
• Development: designing and acquiring business applications.

While the roles within the division may vary, all involve providing the very best services and systems. You may also have the opportunity to work on challenging projects across the firm. To succeed, you will have a strong focus on client service, be able to come up with creative solutions and see beyond complexity to identify the core issues facing the business. In return, we can offer a rewarding career at the forefront of the legal and IT professions, with significant scope for professional development.

Key Responsibilities

The role is responsible for IT Security operations, management processes, procedures and related operational documentation within the UK, EMEA regions. Although having regional responsibilities, it is key that this role works closely with the Senior Manager, IT Security, Australia & Asia to ensure consistency and collaboration is fostered.

The Senior Manager, IT Security will apply risk management techniques to identify security weaknesses and work with all IT teams to mitigate them, using the firm's existing ITIL-aligned change management framework. The role also involves providing technical security guidance and support to the firm, e.g. working with fee-earners to provide responses to client data security audits, and support to projects (related to IT Security).

Operational

• To proactively monitor and manage security logs, and take appropriate and timely action to resolve, educate and escalate where necessary
• Liaise with our outsource partners to ensure accurate reporting and remediation of security issues.
• Ensure that the technical operational procedures and documentation for IT security are up-to-date, relevant and thorough; this extends to departmental documentation, documentation for the wider business and where appropriate for clients
• Maintain an up-to-date and in-depth knowledge of cyber security and associated techniques and technologies, and disseminate this within the function and, where appropriate, within the wider IT team
• To provide IT Security guidance and knowledge to fellow Senior Management team members
• To provide users awareness, education and training on IT security, using various methods including poster campaigns, comms and awareness sessions
• Supplier Management - Provide advice and input regarding IT security with regards to the departments and firm's suppliers and partners where appropriate.

Assurance

• To identify potential areas of non-compliance or inappropriate practices, conduct a successful investigation into the circumstances and construct an appropriate response including forming the business case where necessary
• Ensure that the capability is present to identify, investigate and communicate as appropriate, significant IT Security breaches. It is to be ensured that such cases are closed quickly and authoritatively without error or omission that could undermine the service. It is also vital to identify root causes for such events and effectively mitigate against future occurrences through lessons learnt
• To provide, oversee and manage an IT security assurance function that facilitates the implementation of HSF (UK, EMEA) projects and services in all regions. This includes interactions with 3rd party specialists such as penetration testers where all work must be appropriately approved and managed to preserve the integrity of the service.

Change

• Ensuring that all new HSF (UK, EMEA) projects and changes to existing services are security-impact assessed against HSF's securing controls, attending Change Board meetings as appropriate and escalating as required
• Within an environment of empowered users, provide solutions to their business demands such as greater mobility and flexibility whilst maintaining the security of the firms systems
• Ensuring our services have security embedded that is commensurate with both the evolving threat landscape and identified risk
• Provide the firm's users with the support and knowledge to be able to take individual responsibility for IT security in their own environment
• Oversee the ISO/IEC27001/2 process, where implemented, to ensure continued certification and continuous improvement
• To provide input to strategic oversight on global information security matters, including projects limited to specific geographic regions and global projects

Qualifications, Skills and Experience

• Working knowledge of a broad range of security technologies e.g. encryption, multi-factor authentication, endpoint protection, IDS/IPS, access control, vulnerability management toolsets, malware defences, protective monitoring, physical security controls, SIEM
• A solid understanding of security concepts and principles, including the ability to identify and measure attack vectors
• Ability to structure a reasoned business case for undertaking security improvements
• A good knowledge of current Windows server operating environments, Active Directory and Group Policy
• Solid knowledge of prevalent smart device platforms (BlackBerry 10, iOS, Android) and related security technologies
• Knowledge of network security devices and associated protocols
• Extensive knowledge of ISO/IEC27001/27002:2013
• Awareness of ISO/IEC22301, ISO/IEC27035 and ISO/IEC27005
• Working effectively in a matrix-managed environment
• Demonstrable experience of supplier management and commercial acumen
• A minimum of 5 years' relevant IT Security experience preferably within a networking environment
• Ability to write structured guidance to the business regarding matters of IT security
• Familiarity with current trends and recent developments in IT security
• ITIL Service Management Foundation certification (or equivalent) would be desirable but is not essential
• CISSP or CISM certification would be preferred
• An innovative mindset, curious about AI and emerging technologies.