Head of Information Security Supplier Assurance

• Hybrid - 2 days on site
• £100-120k
• Permanent

Head of Information Security Supplier Assurance Organisation: Global Law Firm Location: Hybrid Working (2 days per week on-site)The Role We are seeking an accomplished Information Security professional to assume a senior leadership position within the Information Security team. Reporting directly to the Chief Information Security Officer, this role carries significant accountability for the firm's supplier assurance framework and third-party security posture.The successful candidate will be instrumental in sustaining the firm's ISO 27001 certification, developing and operationalising the Supplier Assurance Security Model, and ensuring the organisation delivers exemplary service to clients throughout due diligence processes. This position requires both strategic vision and operational excellence, balancing technical rigour with stakeholder management at the highest level.As a senior leader, you will build and develop a high-calibre team, establishing a centre of excellence for supplier assurance capabilities.Principal Accountabilities Strategic Leadership

• Architect and embed a comprehensive Supplier Assurance Security Model aligned with organisational objectives
• Provide strategic intelligence to the CISO, including trend analysis, risk assessment, and actionable recommendations
• Establish and chair Supplier Assurance governance forums with senior stakeholders

Third-Party Risk Management

• Oversee the complete lifecycle of third-party security assessments and vendor risk management
• Lead negotiations on Third-Party Security Schedules, ensuring robust contractual protections
• Evaluate and strengthen security provisions within commercial agreements

Client & Stakeholder Engagement

• Manage client due diligence requests with professionalism and precision
• Deliver comprehensive responses to security questionnaires that reflect the firm's maturity and capability
• Build trusted relationships with internal and external stakeholders

Compliance & Assurance

• Maintain evidence and documentation supporting ISO 27001 certification requirements
• Support internal and external audit activities from a supplier assurance perspective
• Ensure continuous adherence to regulatory and industry standards

People Leadership

• Build, mentor, and develop a high-performing team with specialist supplier assurance expertise
• Foster a culture of continuous improvement, accountability, and professional excellence
• Provide coaching, performance feedback, and career development opportunities

Candidate Profile Essential Experience & Knowledge

• Substantial leadership experience in Information Security Supplier Assurance within a complex organisational environment
• Proven track record within medium to large legal, financial services, or similarly regulated sectors
• Comprehensive understanding of information security domains, including GRC, risk management, and security operations
• Demonstrated success in building and leading specialist teams to deliver strategic outcomes
• Strong grasp of ISO 27001 and security assurance frameworks

Essential Competencies

• Exceptional leadership and people management capabilities, with evidence of developing high-performing teams
• Advanced negotiation skills with the ability to influence senior stakeholders and external vendors
• Outstanding written and verbal communication skills, capable of engaging technical and non-technical audiences
• Strategic thinking combined with attention to operational detail
• Strong business acumen and commercial awareness

Desirable Qualifications

• Professional certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor/Implementer

Why This Opportunity? This role offers a rare opportunity to join a forward-thinking Information Security function with genuine global reach and strategic influence. You will operate at a senior level, shaping security strategy whilst working alongside accomplished professionals committed to achieving market leadership in information security practice.The position provides substantial autonomy, supported by executive sponsorship, with scope to make a lasting impact on the firm's security posture and client service excellence.Services offered by Computappoint Limited are those of an Employment Business and/or Employment Agency in relation to this vacancy. We do not use AI to filter or assess candidates, we use experienced and dedicated recruiters, who want to match the best people to roles.