Cyber Security Risk & Governance Manager

Lawfront
Nottingham, Nottinghamshire, United Kingdom
Job Type: Permanent
Work Pattern: Full-time
Work Location: Hybrid
Seniority: Senior
Education: Degree
Visa Sponsorship: Available
Posted: 3 Jul 2026 (Today)

Benefits

* 25 days holiday + bank holidays

* Pension scheme

* Professional development support

* Health and wellbeing initiatives

When registering to this job board you will be redirected to the online application form. Please ensure that this is completed in full in order that your application can be reviewed.

Lawfront is one of the UK’s most ambitious and rapidly expanding Legal Groups. Through strategic acquisition and the integration of high‑performing regional law firms, we are building a national platform that combines local excellence with the strength, investment, and innovation of a modern Legal organisation.

Our growth trajectory is significant — and accelerating. As we continue to welcome new firms into the Lawfront family, we are strengthening our central functions to ensure we deliver consistent, scalable, and best‑in‑class support across the Group.

Role Purpose:

The Cyber Security Risk & Assurance Lead is responsible for defining, implementing, and governing IT security policies, standards, and compliance frameworks across the organisation. This role ensures that security controls are embedded into IT architecture and delivery, while maintaining alignment with regulatory requirements and organisational risk appetite.

Operating as part of a central (horizontal) IT Security function, this role works closely with Architecture, Delivery, and Service teams, providing oversight, assurance, and governance rather than hands-on operational security execution.

This role is governance-led rather than operational, focusing on defining what “good” looks like and ensuring it is consistently applied. The Cyber Security Risk & Assurance Lead provides oversight and assurance, while operational security execution remains with IT Security Engineers within the Service Delivery function. The success of this role depends on effectively embedding security into architecture and delivery without creating unnecessary friction, ensuring a risk-based, business-aligned approach to security and compliance.

Key Responsibilities:

1. Security Policy & Standards

2. Governance & Compliance

3. Audit & Assurance

4. Security Architecture Alignment

5. Risk Management

6. Stakeholder Engagement

7. Vendor & Third-Party Security

8. Continuous Improvement & Awareness

Experience:

* Holder of relevant cyber security certifications – e.g. CISM, CCSP or CISSP

* Strong knowledge of security frameworks (e.g., ISO 27001, NIST, CIS Controls)

* Understanding of cloud security principles (Azure, AWS, or GCP)

* Familiarity with the concepts, standards and tools involved in controlling identity and access management, data protection, resilience & loss prevention, and network security

* Experience with risk management and compliance tooling (GRC platforms desirable)

* Experience with selecting, deploying, maintaining and securing IT systems in a mid-sized (Apply online only) user) UK organisation.

* Familiarity with popular UK law firm applications and services is advantageous.

* Ideally around 7–10 years in IT and security, with strong focus on governance, risk, and compliance

* Experience managing audits and regulatory requirements

* Experience working within enterprise IT environments and architecture governance structures, ideally within a legal environment.

* Experience in regulated industries (preferred)

It's an exciting time to join our organisation, and this will give you a fantastic opportunity to be a key part of our development. If this sounds like you, then please get in touch by clicking apply below.
