Role: Information Security Manager
Location: Hybrid (Main office in London)
Salary Expectations: Between £95,000-£110,000 (DOE)
Are you an experienced Information Security Manager with a strong grounding in GRC looking for your next opportunity? Locke & McCloud has recently collaborated with a top 20 legal firm that is seeking its next InfoSec Manager.
The successful candidate will ensure all assurance controls are implemented and deployed throughout the firm and work globally to support GRC across the company.
Foster the establishment of a cybersecurity-focused ethos within the global network.
Aid in overseeing and reporting on the adherence to ISO27001 requirements for a network spanning 3 continents.
Perform evaluations and due diligence on the information security policies, standards, controls, and assurance of third-party entities and Member Firm organizations.
Evaluate security vulnerabilities and oversee the progress of remediation efforts across the global network.
Offer recommendations and guidance on enhancements and corrective measures to fortify the security posture.
Supervise security projects and ensure the timely achievement of project milestones.
Ensure that security initiatives are aligned with business objectives.
Evaluate and manage security risks associated with third-party vendors.
Guarantee that vendors adhere to security standards and contractual obligations.
Promote a culture of heightened security awareness and, when necessary, provide training organization-wide.
Provide support for the incident response process within the framework of information security governance.
Supervise and mentor members of the information security governance team, fostering a culture of collaboration, continuous learning, and excellence within the team.
Conduct regular performance assessments for the governance team and provide constructive feedback.
A Bachelor's or Master's degree in Information Security, Computer Science, or a related field is required.
Professional certifications like CISSP, CRISC, CISM, or CISA
8 years of experience in the field of information security is essential, including practical technical expertise, as well as a demonstrated history of team management and leadership.
A solid understanding of information security frameworks, standards, and best practices is necessary.
Exceptional communication and interpersonal skills are a must.
Proficiency in information security and expertise in IT Audit, Risk, and Technology Assurance are expected.
A comprehensive understanding of information security risks and threats, coupled with the ability to effectively engage and collaborate with stakeholders to identify potential areas for improvement, is vital.
The ability to convey security concepts succinctly to a diverse audience and demonstrate their relevance to business value is crucial.
Proficiency in engaging stakeholders at all organizational levels, including individuals from various backgrounds, whether from business or technical domains, both internally and externally, is important.
Familiarity with security frameworks such as ISO27001 and the NIST Cyber Security Framework is beneficial.
Apply now so you don't miss out!