Information Security Manager in London

We are looking for an Information Security Manager to join our IT team in London.

Job Responsibilities

• Develop and deliver the firm's information security strategy and roadmap.
• Provide subject matter expertise and guidance on information security to partners and staff.
• Lead and mentor a small team, fostering professional growth and development.
• Lead the implementation and ongoing management of ISO 27001, including policy and control implementation and stakeholder engagement.
• Own the information security risk management process, including risk assessment, and risk/information asset register maintenance.
• Lead the development, implementation, and review of security policies, standards, and procedures.
• Ensure compliance with ISO 27001 and Cyber Essentials Plus.
• Oversee third-party risk management, including onboarding/offboarding and ongoing due diligence.
• Coordinate and respond to client audits and assurance activities.
• Maintain awareness of the current cyber-risk landscape for the firm and factor into the annual strategic cyber-plan.

Security Operations

• Own and manage the relationship with the firm's Managed Security Operations Centre (SOC), acting as the primary point of contact, ensuring service levels are met, and coordinating incident response.
• Oversee operational security including server and endpoint protection, M365 security, identity and access management, vulnerability assessments, patching, and system hardening.
• Manage security monitoring activities and support business continuity and disaster recovery initiatives.
• Monitor emerging threats advising the business on risk and required actions.
• Renew the firm's Cyber Essentials Plus certification on an annual basis.

Security Projects

• Lead the delivery of security projects, ensuring they are completed on time, within scope, and aligned with the firm's strategic objectives.
• Collaborate with project managers and business stakeholders to integrate security requirements into both IT and non-IT projects ensuring Secure by Design principles are embedded from the outset.
• Work with cross-functional teams to identify, assess, and mitigate security risks in business initiatives.

Stakeholder Engagement & Communication

• Act as the primary point of contact for information security matters across the business.
• Develop and deliver security awareness training for partners and staff.
• Represent the firm in external security forums and with clients as required.
• Prepare quarterly info. sec. management reports for the CIO and Executive Committee.

Key Skills and Experience

• Extensive experience in information security management, ideally within professional services environments.
• Proven management capabilities, including team management and effective stakeholder engagement.
• Hands-on expertise in ISO 27001 implementation and certification, from development through to successful audit.
• Experience of successfully completing Cyber Essentials Plus audits and a solid understanding of UK GDPR requirements.
• Demonstrated ability to manage third-party security relationships.
• Strategic, pragmatic, and business-aligned approach to security risk management and decision-making.
• Highly desirable certifications such as CISM, CISSP, or ISO 27001 Lead Implementer.

Broad Technical Proficiency Across

• Endpoint Security: EDR solutions and endpoint management platforms.
• Microsoft 365 / Entra ID: Identity protection, Conditional Access, MFA, and Privileged Identity Management (PIM).
• Security Monitoring & Operations: SIEM platforms and SOC processes.
• Network Security: Firewalls, web application firewalls, and VPN technologies.
• Encryption: PKI and data encryption for both data at rest and in transit.
• Email Security: Mimecast and Exchange Online, Tessian plus SPF/DKIM/DMARC configuration.
• Backup and Recovery Systems: On-premise and Cloud backup solutions.

Experience of project management disciplines (e.g. Prince2, Agile) are desirable.

Well organised, uses initiative, prioritises appropriately, applies self, shows attention to detail, manages own workload and meets deadlines.

Demonstrates excellent communication and interpersonal skills (respectful, positive, articulate, professional and sympathetic).

Delivers helpful internal services with a "can do" approach, shows commercial awareness and represents the department/firm appropriately.

Shares information and ideas, accepts and follows instructions, listens, makes notes, questions appropriately, co-operates.

Shows sound judgement and decision-making skills; acts within boundaries.

Shows commitment, passion and enthusiasm; is a respectful, reliable and supportive team player; reflects the firm's culture.

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Legal and Information Technology

Location: London, England, United Kingdom