Lead Engineer: Information Security

Overview

Mayer Brown is an international law firm positioned to represent the world’s major corporations, funds, and financial institutions in their most important and complex transactions and disputes. We are recognised by our clients as strategic partners with deep commercial instincts and a commitment to creatively anticipating their needs and delivering excellence in everything we do. We are a collegial and collaborative firm where highly motivated individuals with an unwavering commitment to excellence receive the opportunity, support, and development they need to grow, thrive, and realise their greatest potential all while supporting the Firm’s client service principles of excellence, strategic partnership, commercial instinct, integrated strengths, innovation, and collaboration across our international firm.

If you enjoy working with team members whose defining characteristics are exceptional client service, initiative, professionalism, responsiveness, and adaptability, you may be the person we are seeking to join our Information Technology team in our London office.

Hours: 9:00am to 5:00pm with flexibility in accordance with the needs of the business. Our current working from home policy allows for two days working from home, subject to business need. This policy is subject to change and does not form part of contractual terms. Participation in an on-call rotation. Available and responsive to occasional after-hours issues, as the firm operates on a near 24x7 basis.

Responsibilities

• Ensures that Mayer Brown, LLP has a secure architecture for authorization and authentication internally, as well as business to business.
• Ensures that all security risks are managed and communicated clearly and effectively.
• Implement security architecture of the firm related to transition to cloud (e.g., Azure, Teams/O365 and iManage Cloud).
• Develops and maintains all documentation related to Global Security Team operations and functions.
• Ensures that information is openly communicated and shared with other members of the team.
• Ensures that objectives are achieved by working closely with all members of the Firm departments as necessary and in collaboration with the Assistant Director: Global Information Security & Senior Director: Global Information Security, CISO and Global Security team.
• Ensures that change controls are adhered to and communicated to the partners and staff.
• Keeps abreast of all specific security issues.
• Analysis of data collected from established Data Loss Prevention system(s) and methods to ensure compliance with Firm policies.
• Manages DLP systems and processes as required.
• Assists in defining DLP policies to protect firm and client assets.
• Defines incident response workflow for DLP positive hits.
• Develops metrics for measuring effectiveness of the DLP solution.
• Assists in the preparation, approval, implementation and adherence of the Information Security Policies within the Firm.
• Manages projects and tasks related to the Firm as directed by the Assistant Director: Global Information Security.
• Detects and responds to all incidents of an information security nature within the Mayer Brown environment.
• Maintains and coordinates incident response planning, assisting in execution of the incident response plan as needed.
• Identifies and communicates to management the cause of all information security incidents, making recommendations as to how the specific incidents can be mitigated in the future.
• Controls access to the Firm’s Information Systems and related security configuration.
• Participates fully in all efforts to develop security policies to meet client or other compliance requirements.
• Ensures monitoring and alert notifications are implemented in accordance with the business needs.
• Assist in preparing and completing risk assessments for vendors, projects, and systems.
• Assists in the development and authorization process of all new IT policies introduced, ensuring that the necessary security audits and tests are carried out prior to being introduced into production.
• Manages the review of the security program by an approved independent party and ensures any gaps are addressed.
• Monitors methods of physical data security, such as the storage of backup media, and propose/implement any changes where necessary.
• Ensures whenever possible that undesirable use of IT facilities is prevented/minimized at all times.
• Educates Mayer Brown’s employees in the benefits of security to the organization, themselves and their working environment.
• Collaborates with other staff in IT to ensure that security standards are developed and enforced in implementing or upgrading firm technology.
• Keep Security Awareness site on Global Net updated with current material.
• Perform investigations as requested by Human Resources, Information Technology or General Counsel executing searches and producing output as required by the Firm.
• Contribute to Business Continuity and Disaster Recovery.
• Performs other duties as assigned or required to meet Firm goals and objectives.
• Willing to travel 20% domestically / internationally.

Qualifications

• Bachelor’s degree in a related field. An equivalent combination of education and/or experience may be considered in lieu of the degree when the experience has been directly related to the functions of the job.
• CISSP or CEH certification preferred.

Experience, skills and personal attributes:

• 5 years of experience in an Information Security department.
• Excellent working knowledge of CISSP, CEH required.
• Excellent knowledge of the ISO 27002 standard preferred.
• Excellent working knowledge of networking and security standards required.
• Good documentation skills and authentication methods experience required.
• Excellent knowledge of a network/firewall security preferred.
• Good knowledge of Disaster Recovery preferred.
• Strong technical knowledge of cloud environments such as Azure / O365.
• Familiarity with DLP incident handling, remediation, and reporting.
• Proficiency in Microsoft Office products.
• Experience in securing AI-driven systems and leveraging AI tools.
• Familiar with Microsoft Defender for Endpoint, Thales, CrowdStrike Falcon and SIEM, CyberArk, Rapid7, and Palo Alto products is a plus.
• Strong written and verbal communication skills, able to communicate and negotiate effectively and in a professional manner with all levels of the Firm and outside vendors.
• Ability to work in a diverse team environment and effectively support the demanding needs of the Firm.
• Ability to work under pressure, meet deadlines with shifting priorities.
• Must be a self-starter with a high level of initiative.
• Strong customer service skills, able to anticipate needs and exercise independent judgment.
• Strong attention to detail, organizational skills and the ability to handle multiple projects.
• Maintains confidentiality and exercises discretion.
• Exercises solid strategic thinking and problem-solving skills.
• Ability to weigh business needs against security concerns and articulate issues to customers and management.
• Willingness to challenge the status quo.

At Mayer Brown, we are committed to creating an inclusive work environment that offers our people the opportunity and support they need to succeed. Our culture promotes mutual respect, acceptance, cooperation and productivity among people from all backgrounds and values different perspectives and ideas. One of our core values at Mayer Brown is to promote inclusion at all levels within the business which is actively supported by our Employee Resource Groups - LGBT+, Fusion (Race & Ethnicity), Multi-faith, Women, Enable (Disability) and Work and Me (Family). We are happy to discuss any reasonable adjustments that individuals may require throughout the recruitment process and once they have joined the Firm.