At a Glance
- Tasks: Lead the charge in safeguarding information security and shaping governance strategies.
- Company: Join a top law firm known for its inclusive culture and international expertise.
- Benefits: Enjoy competitive pay, professional growth, and a supportive work environment.
- Why this job: Make a real impact on the firm's security posture while working with cutting-edge technologies.
- Qualifications: 3+ years in Information Security Management and strong leadership skills required.
- Other info: Be part of a diverse team committed to excellence and continuous improvement.
The predicted salary is between £48,000 and £72,000 per year.
Travers Smith is a leading full-service law firm, with a wealth of experience in its areas of specialisation. The firm has a market-leading reputation for its international expertise in Asset Management, M&A and Dispute Resolution & Investigations. Clients include asset managers across the alternative asset classes (private equity, venture, credit, infrastructure and real estate), publicly listed and private companies, financial institutions, and other business enterprises involved in large and complex UK and cross-border matters, transactions and disputes. Our purpose is to provide the highest quality of service to our clients whilst enabling our people to achieve professional fulfilment in a supportive, inclusive and enjoyable working environment.
The Technology group is responsible for the delivery of all Technology services within the firm. The group is a business services function that supports and contributes to the objective of the legal practice. The Technology department consists of service delivery, business systems, training, technical operations, security operations, legal products, engineering, eDiscovery and information security. The Technology department supports the business with strategic technology delivery.
This is a high-profile opportunity to shape the information security agenda and play a key role in safeguarding the firm’s reputation and competitive advantage.
The Role
Reporting to the Senior Information Security Officer, the Information Security Manager holds a pivotal position with firm-wide influence and regular engagement with senior leadership. You will shape and deliver the firm’s governance, risk, and compliance (GRC) strategy, safeguarding information confidentiality, integrity, and availability across all business operations. As a leader, you will drive risk management, audits, client assurance, policy governance, and incident response and resilience programs. As a visible ambassador for information security, you will advise and influence senior decision-makers, directly shaping the firm’s security posture and reputation in the market. This role operates with delegated authority in risk treatment, policy implementation, and operational controls, and acts as a trusted advisor to both internal and external stakeholders. You will ensure ongoing compliance with ISO 27001 and regulatory requirements while championing innovative technologies and process improvements. This opportunity offers professional growth, sector engagement, and the ability to make a lasting impact on the evolution of the firm’s information security function.
Key Responsibilities
- Oversee all aspects of managing the firm’s Information Security Management System (ISMS), including policy management, compliance monitoring, risk management, audit, and continuous improvement to ensure sustained compliance with ISO 27001 and evolving regulatory, business, and client requirements.
- Act as an advisor to the firm’s senior management, partners, and key committees on information security risk, compliance, and strategic initiatives, ensuring information security is embedded in business decision-making at the highest levels.
- Exercise delegated authority to determine and implement appropriate risk responses, approve security policies, and make decisions to support compliance and business objectives.
- Own the risk register, conduct regular risk reviews with risk owners and deliver actionable insights to senior management.
- Oversee and continually assess information security risks associated with third-party vendors and suppliers.
- Lead cross-functional collaboration with Technology, Risk & Compliance, Procurement, and other business service and legal teams to deliver integrated information security governance and assurance.
- Lead on the delivery and quality of client security audits and pitch responses.
- Monitor regulatory and client expectation changes, advising on compliance and strategic roadmap.
- Prepare and present executive-level reports for the ISMS Committee, directors, or partners, ensuring timely escalation of risks and influencing decision-making.
- Coordinate and deliver user awareness programmes with evidence-based metrics and improvement proposals.
- Oversee and support data subject access requests and process improvements.
- Support incident investigations, facilitate lessons learned, and recommend changes in process or strategy.
- Support incident response and business continuity through tabletop exercises and plans or playbook maintenance.
- Identify, evaluate, and implement opportunities for innovation, automation, and process optimisation to enhance efficiency and effectiveness, and champion the adoption of cutting-edge technologies to strengthen the firm’s information security capabilities.
- Play a key role in AI risk management and governance, ensuring robust controls are implemented to support responsible AI adoption, while striking a pragmatic balance between security and minimising friction for innovation and business value creation.
- Demonstrate a commitment to excellence and deliver consistently high performance, ensuring that the information security function sets the benchmark for best practice within the firm.
- Provide leadership and day-to-day management for information security team members, including mentoring and performance development.
- Monitor the external environment for emerging threats, regulatory changes, and security trends, maintaining up-to-date GRC knowledge through threat intelligence, industry forums, and engagement with external partners and vendors.
- Represent the firm at external forums, sector working groups, and with clients during assurance or industry events to maintain awareness and enhance the firm’s reputation.
Personal Specification - Experience, Skills & Attributes
Required experience
- 3+ years' experience working in an Information Security Management role in a law firm or other regulated professional services environment.
- Strong track record of leading and managing an ISMS including risk management, audit and continuous improvement.
- Proven experience applying risk management frameworks and leading risk-based assessments, including delivering executive reports with recommended actions and risk treatments.
- Proven experience in policy governance, delivering awareness programmes and cyber incident response practices.
- Proven experience responding to client audits, supporting pitch documentation, and engaging with cyber insurers.
- Proven experience building and maintaining strong cross-functional partnerships with operational teams to uphold and enhance the information security team’s reputation and influence within the firm.
- Experience with data subject access requests.
- Experience managing, mentoring, and developing information security teams within a professional services setting.
- Recognised professional qualifications in information security (e.g. CISM, CISSP, ISO 27001 Lead Implementer/Auditor).
Beneficial
- Experience embedding security throughout the SDLC, collaborating with technical and development teams to integrate SecDevOps principles for risk and compliance management.
- Experience managing budgets and resource allocation.
Personal Attributes
- Promoting a positive security culture.
- Excellent communicator with the ability to influence, advocate for information security best practices, and build strong relationships with stakeholders at all levels, including senior leadership, both internally and externally.
- Skilled at translating complex technical concepts into clear, accessible language for non-technical audiences.
- Engaging and approachable, fostering trust and building rapport easily with stakeholders and team members at all levels.
- Demonstrates a collaborative, team-oriented approach, readily supporting colleagues and sharing knowledge to achieve common goals.
- Demonstrates adaptability, flexibility, and a positive, solutions-focused mindset.
- Approaches challenges with a strategic understanding of the wider business context.
- Remains calm and effective under pressure, with a proactive approach to improvement and automation.
- Highly organised, with a rigorous and methodical approach to planning and prioritising work in a fast-paced environment.
- Acts with integrity, accountability, and reliability, upholding the highest standards of confidentiality and professionalism.
- Committed to continuous professional development and eager to engage with industry networks and contribute to the firm’s thought leadership in information security.
We are excited to have moved from our London headquarters in Snow Hill to a brand-new building in the City – Stonecutter Court.
Diversity & Inclusion statement: We value and celebrate the unique backgrounds, perspectives, and experiences of every individual including differences in gender, ethnicity, disability, faith, and more. We’re committed to building an inclusive workplace that reflects the diversity of our clients and communities, where everyone feels empowered, respected, and heard. We actively partner with organisations and networks that champion equality and fairness, ensuring our policies and practices uphold these values.
Accessibility statement: If individuals have any accessibility issues when reviewing this document, please notify a member of the Travers Smith HR team so that the document can be provided in your preferred format, such as large print, audio, or braille.
Support and Adjustments for candidates: We are committed to ensuring that people who are disabled or have a long-term condition are empowered in their identity, valued equally, and listened to. If we can adjust the recruitment process to make it more accessible, please let us know.
Information Security Manager in London employer: Travers Smith
Contact Detail:
Travers Smith Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Security Manager in London
✨Tip Number 1
Network like a pro! Get out there and connect with folks in the industry. Attend events, join online forums, and don’t be shy about reaching out on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching the firm and its culture. Understand their values and how they align with your own. This will help you tailor your responses and show that you’re genuinely interested in being part of their team.
✨Tip Number 3
Practice makes perfect! Do mock interviews with friends or use online resources to get comfortable with common questions. The more you practice, the more confident you’ll feel when it’s time to shine in front of the real interviewers.
✨Tip Number 4
Don’t forget to follow up after your interviews! A simple thank-you email can go a long way in leaving a positive impression. It shows your enthusiasm for the role and keeps you fresh in their minds as they make their decision.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in information security management. Use keywords from the job description to show that you understand what we're looking for.
Showcase Your Achievements: Don’t just list your responsibilities; share specific examples of how you've led risk management initiatives or improved compliance processes. We love seeing measurable outcomes!
Be Clear and Concise: Keep your application straightforward and to the point. Use clear language and avoid jargon where possible. We want to see your skills shine without getting lost in complex terminology.
Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way to ensure it gets into the right hands and shows your enthusiasm for joining our team!
How to prepare for a job interview at Travers Smith
✨Know Your Stuff
Make sure you’re well-versed in information security principles, especially ISO 27001. Brush up on risk management frameworks and be ready to discuss how you've applied them in past roles. This will show that you can hit the ground running.
✨Showcase Your Leadership Skills
As an Information Security Manager, you'll need to lead a team and influence senior management. Prepare examples of how you've successfully managed teams or projects, and be ready to discuss your approach to mentoring and developing others.
✨Understand the Business Context
It’s crucial to demonstrate that you understand how information security fits into the broader business strategy. Be prepared to discuss how you’ve aligned security initiatives with business objectives in previous roles, and how you can do the same at Travers Smith.
✨Engage with Real Scenarios
Think of specific incidents or challenges you've faced in your career related to information security. Be ready to share these stories during the interview, focusing on your problem-solving skills and the outcomes of your actions. This will help illustrate your practical experience.