Information Security Manager - Law Firm (GRC & Cyber)
Job Responsibilities
We are looking for an experienced Information Security Manager to lead our client's security strategy, operations, and dedicated security team. The successful candidate will work closely with the CISO, overseeing all aspects of information security across the firm's UK and global offices.
- Oversee continuous improvement of policies, standards, procedures, and controls for all offices.
- Oversee operations including threat monitoring, vulnerability management, access controls, endpoint security and incident response.
- Maintain robust cyber resilience measures across on-premises and cloud environments.
- Ensure compliance with GDPR, SRA requirements (for the legal sector), ISO 27001/27002 and other applicable regulations in all jurisdictions where the firm operates.
- Manage internal/external audits; regularly assess current risks; report findings to senior management.
- Act as the escalation point for major incidents; coordinate response efforts; conduct post-incident reviews; update disaster recovery and business continuity plans accordingly.
- Coordinate responses to client security questionnaires by gathering accurate information on the firm’s policies, controls and practices.
- Regularly brief the Chief Information Security Officer and executive board on key metrics, risk posture, incidents, and progress against strategic objectives, including updates on client questionnaire activity and BPM developments.
Skills Required
- Experience in a senior Information Security role within the legal sector.
- Practical knowledge of UK/EU/international regulatory frameworks (GDPR/SRA etc.).
- Experience helping a firm achieve certifications such as ISO 27001 and Cyber Essentials Plus.
- Technical expertise across SIEM platforms, cloud security tooling (e.g., Azure, AWS), endpoint protection suites, etc.
- Track record managing incident response/disaster recovery processes in complex environments.