Lead Engineer: Information Security

Lead Engineer: Information Security

Location: London
Department: Information Technology
Working Pattern: Hybrid (3 days in office/2 days from home, subject to business need)
Hours: 9:00am - 5:00pm, with flexibility as required
On-Call: Participation in an on-call rotation and occasional after-hours support (24x7 global environment)
Travel: Up to 20% domestic/international

The Opportunity

An international law firm with a global presence is seeking a Lead Engineer: Information Security to join its London-based IT team. The firm represents major corporations, funds and financial institutions in complex, high-value transactions and disputes, and is known for combining deep commercial insight with a collaborative, forward-thinking culture.

This is a senior, hands-on role with responsibility for safeguarding enterprise systems, driving secure architecture initiatives, and supporting the continued evolution of a global security programme - including significant cloud transformation projects.

If you are a proactive security professional who thrives in a collaborative, high-performing environment and enjoys balancing technical rigour with commercial awareness, this role offers excellent scope for impact and progression.

Key Responsibilities

Security Architecture & Cloud Transformation

• Ensure secure architecture for internal and business-to-business authentication and authorisation
• Lead implementation of security architecture related to cloud transition (eg, Azure, O365/Teams, iManage Cloud)
• Control access to information systems and manage security configurations
• Collaborate with IT teams to embed security standards across new and upgraded technologies
• Assist in the development, approval and testing of new IT policies prior to production release

Risk Management & Compliance

• Manage and communicate security risks clearly and effectively
• Assist with vendor, project and system risk assessments
• Support independent security programme reviews and address identified gaps
• Participate in development of security policies to meet client and compliance requirements
• Ensure change control processes are followed and communicated appropriately

Data Loss Prevention (DLP) & Monitoring

• Manage DLP systems and processes
• Analyse DLP data and define remediation workflows
• Develop and refine DLP policies to protect firm and client assets
• Create metrics to measure DLP effectiveness
• Ensure monitoring and alert notifications align with business needs

Incident Response & Investigations

• Detect, respond to and coordinate information security incidents
• Maintain and execute incident response plans
• Identify root causes and recommend future mitigation strategies
• Conduct investigations in collaboration with HR, IT or General Counsel
• Contribute to Business Continuity and Disaster Recovery planning

Security Operations & Awareness

• Maintain comprehensive documentation of security operations
• Keep abreast of emerging threats and security developments
• Oversee physical data security controls (eg, backup media storage)
• Promote security awareness and update internal education materials
• Educate employees on security best practices and organisational benefits

Skills & Experience

Qualifications

• Bachelor's degree in a related field (or equivalent relevant experience)
• CISSP or CEH certification preferred

Technical Expertise

• Minimum 5 years' experience within an Information Security function
• Strong working knowledge of CISSP/CEH domains
• Familiarity with ISO 27002 standards
• Excellent understanding of networking and security standards
• Strong knowledge of cloud environments (Azure, O365)
• Experience with DLP incident handling, remediation and reporting
• Familiarity with Microsoft Defender for Endpoint, Thales, CrowdStrike Falcon, SIEM tools, CyberArk, Rapid7 and Palo Alto products advantageous
• Experience securing AI-driven systems and leveraging AI security tools
• Knowledge of disaster recovery principles