Trident Search are working with an international law firm who are looking for a Head of Cyber Security to aid them in their digital transformation. This particular role will see the you working quite heavily with the IT teams within the business and manage the infrastructure of the organisation. A few key requirements of this role will be ensuring the incident response function is operating effectively and helping the organisation with their security road map to aid the transformation.
 
The client is able to offer hybrid working (2-3 days per week in office) and is located in a new state of the art office in central London.
 
The Role

• Enabling the creation, roll out and support of the enterprise security strategy.
• Work closely with business arms to ensure compliance requirements are being adhered to.
• Be the SME for Cyber and IT Security within the firm and provide guidance for other key stakeholders.
• On top of being the SME and encouraging buy in from stakeholders, you will be responsible for making sure all SLA’s are being met.
• Ensuring the technology within the firm is fit for purpose and is performing correctly, whilst ensuring process and procedures are in line with the business needs
• Aligns the contribution of specified systems and services to clearly stated organisational and financial goals and performance targets. Recommends options for sourcing — whether in-house, outsourced, or a combination.
• Work closely with other business leaders to set annual budgets for security.
• Operating within the SFIA framework

 
Duties & Responsibilities
 

• To be a key leader within the IT and security teams within the business and ensuring the road map is on track
• Maintain the cyber security framework, providing ongoing analysis of emerging threats, risks and control gaps.
• Define and steer the Cyber Security programme to implement technical security solutions and controls aligned to industry best practice and the emerging threat landscape.
• Advise on information security at appropriate risk oversight committees and boards.
• Collaborate with the wider IT department, in the development, implementation and ongoing assessment of security policies, procedures and standards across the Firm's IT estate and business.
• Provide information security and infrastructure requirements to IT projects and ensure their appropriate implementation.
• Act as 1st line of defense for information security, partnering with and providing challenge, support and advice to the business and IT teams to identify and manage the mitigation of security risks.
• Collaborate with IT and business peers to manage security vulnerabilities, events or investigations.
• Act as control and process owner for security incident management and response. Work closely with key stakeholders to ensure incident response plans are up to date and are effectively tested, including facilitation of tabletop exercises to simulate incident response.
• Manage relationships and oversee the day-to-day activities of security and infrastructure outsourced suppliers.
• Participate in internal security assessments, internal audits, client audits, compliance certifications, third-party risk management and client security questionnaire responses.
• Manage an Cyber Security team in support of IT security operations and the delivery of IT security solutions to the business.
• Progress the professional development of the security and infrastructure teams to ensure they remain current in trends, techniques and technologies.
• Any other ad hoc duties as required.

Key Skills & Experience Required

• At least 5 years' relevant experience in a law firm or comparable organisation operating in a regulated environment.
• Technical certifications such as CISM, CISSP.
• Proven experience of working with IT security systems and information security governance, i.e., control frameworks, incident management, operations and application of security best-practices.
• Experience of security engineering, in support of technologies and controls such as Network and Application firewalls, IDS/IPS, Web Proxy, Vulnerability Scanners, Microsoft Active Directory services, Security Service Edge (SSE), Endpoint Protection and Encryption technologies.
• Strong analytical and problem-solving skills and can interpret and apply complex technical information and is able to explain security functionality to other members of the business.
• Solid management experience working to support the development and direction of both directly employed and third party employed IT security professionals.

If you are looking to work for a reputable law firm, in a role that will see you working with the entire business then please do go ahead and apply now.