At a Glance
- Tasks: Strengthen security posture through governance, policy, and assurance in a prestigious law firm.
- Company: Join a leading international law firm with a focus on innovation and security.
- Benefits: Competitive salary, professional development, and a dynamic work environment.
- Why this job: Make a real impact on security assurance and influence outcomes from the start.
- Qualifications: 4+ years in information security, strong knowledge of ISO 27001, and experience in regulated environments.
- Other info: Strategic role with excellent career growth opportunities in a collaborative team.
The predicted salary is between £48,000 and £72,000 per year.
We are partnering with a prestigious international law firm to hire an Information Security Assurance Specialist to join its Information Security and Privacy team within the wider Legal, Risk, and Compliance function, based in London. This is a newly created role reporting to the Information Security Manager, focused on strengthening the firm’s security posture. The role sits firmly in the second line of defence, with an emphasis on governance, policy, and assurance rather than day‑to‑day operations.
The core focus is security assurance testing, particularly penetration testing. You will ensure testing is appropriately scoped, meaningful, and followed through to resolution. You will also embed security assurance into IT projects and change initiatives by defining security requirements, reviewing designs, and working with technical teams to mitigate security risks arising from change. A key aspect of the role is early engagement with projects. You’ll partner with architects, business analysts, and DevOps teams to challenge designs and influence security outcomes from the outset. The role requires strong technical understanding, without hands‑on engineering.
Key responsibilities include:
- Supporting architecture and design reviews
- Ensuring systems align with InfoSec policies and standards
- Helping evolve assurance frameworks as new technologies are adopted
- Supporting ISO 27001 certification and policy development
This is a strategic role with a broad, firm‑wide view rather than ownership of a single product or platform.
Required experience:
- 4+ years’ experience in information security or technical cyber security
- Strong knowledge of ISO 27001 and Cyber Essentials Plus (auditor or implementer experience desirable)
- Experience in regulated or private‑sector environments (law firm experience advantageous; FS/banking backgrounds welcome)
- Understanding of Lines of Defence models and second‑line assurance roles
Information Security Assurance Specialist employer: Taylor Root
Contact Detail:
Taylor Root Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Information Security Assurance Specialist role
✨Tip Number 1
Network like a pro! Reach out to folks in the legal and compliance sectors, especially those who work in information security. Use platforms like LinkedIn to connect and engage with them; you never know who might have the inside scoop on job openings.
✨Tip Number 2
Prepare for interviews by brushing up on your knowledge of ISO 27001 and Cyber Essentials Plus. Be ready to discuss how you've applied these standards in past roles, as this will show you're not just familiar but also experienced in the field.
✨Tip Number 3
Showcase your strategic thinking! When discussing your experience, highlight instances where you’ve influenced security outcomes early in projects. This aligns perfectly with the role’s focus on governance and assurance.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets the attention it deserves. Plus, we love seeing candidates who are proactive about their job search!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the role of Information Security Assurance Specialist. Highlight your experience with ISO 27001 and any relevant projects you've worked on that align with security assurance testing.
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your background makes you a perfect fit for this strategic role. Don’t forget to mention your experience in regulated environments!
Showcase Your Technical Knowledge: We want to see your understanding of security frameworks and assurance processes. Include specific examples of how you've supported architecture reviews or evolved assurance frameworks in your previous roles.
Apply Through Our Website: To make sure your application gets the attention it deserves, apply directly through our website. It’s the best way for us to keep track of your application and ensure it reaches the right people!
How to prepare for a job interview at Taylor Root
✨Know Your Stuff
Make sure you brush up on your knowledge of ISO 27001 and Cyber Essentials Plus. Be ready to discuss how you've applied these standards in previous roles, especially in regulated environments. This will show that you understand the importance of governance and assurance in information security.
✨Showcase Your Strategic Thinking
Since this role is all about strengthening security posture, be prepared to talk about how you've influenced security outcomes in past projects. Think of examples where you engaged early with teams to challenge designs and mitigate risks. This will demonstrate your proactive approach and strategic mindset.
✨Understand the Lines of Defence
Familiarise yourself with the Lines of Defence model and be ready to explain how the second line of defence operates. Discuss how your experience aligns with this model and how you can contribute to the firm's security assurance efforts without being hands-on in engineering.
✨Ask Insightful Questions
Prepare some thoughtful questions about the firm's current security challenges and their approach to embedding security assurance into IT projects. This not only shows your interest in the role but also gives you a chance to demonstrate your understanding of the complexities involved in information security.