Information Security Governance & Risk Lead


Job details
  • Lewis Silkin
  • London
  • 1 week ago

  • Term: Permanent
  • Working hours: Full-time
  • Reports to: Head of Risk & Compliance
  • Department: Risk & Compliance
  • Location: London

The firm

Lewis Silkin works with leading businesses to protect and enhance their most important assets - their ideas, their people, their brand and their future. We call it: Ideas. People. Possibilities.

With offices in London, Oxford, Manchester, Leeds, Cardiff, Belfast, Dublin and Hong Kong, we are recognised by clients and industry alike as being distinct for our unique culture, market-leading practice areas, sector-focused approach and for providing solutions to complex, multijurisdictional business challenges, with a pragmatic and human touch. We have two things at our core: people (both ours and our clients') and a focus on creative, tech and innovative businesses.

Our culture is encapsulated by an ethos of bravery and kindness, guided by our values of Integrity, Clarity, Unity and Excellence (our ‘I-CUE’). We aim to provide a supportive environment for our people, clients and wider community and embrace diversity & inclusion, ensuring people are able to bring their full selves to work.

The department

This role is responsible for managing the organisation's Information Security Management System (ISMS), supporting the information security strategy and proactively identifying information security risks, to ensure that all systems, data and networks are protected at all times from cyber threats and breaches. The role assists in developing and implementing security policies, procedures and controls, including conducting risk assessments and internal audits and supporting external audits.

The role holder will be the firm's Information Security Officer, so the ideal candidate will have a strong background in information security and risk, an understanding of compliance requirements and the ability to architect a common control framework adaptable to various security standards. They will work closely with other departments and stakeholders to align security measures with business objectives and emerging technological trends, ensuring that the organisation's information assets are secure and resilient against evolving threats.

Responsibilities

  • Manage the ISMS and play a key role in consolidating and driving ISMS activities in line with Lewis Silkin's information security strategy, as well as supporting ongoing certification requirements.
  • Support the CTO/COO/GC in the development and implementation of Lewis Silkin's security strategy.
  • Lead the improvement and ongoing maintenance of the ISMS, in line with the requirements of ISO 27001:2022, Cyber Essentials and other legal and regulatory obligations.
  • Provide ISMS expertise to Lewis Silkin's Risk Committee and collaborate with cross-functional teams and stakeholders to ensure information security risks are identified, documented and treated appropriately.
  • Act as the central point of contact for incident reporting and co-ordinate incident response activities.
  • Create and update information security policies, procedures and guidelines to align with the ISMS, compliance requirements and industry best practice.
  • Drive an effective security culture through the establishment and co-ordination of information security training and education, communications and awareness initiatives.
  • Coordinate the ISMS control monitoring activities, including the collection, analysis and reporting of key information security metrics.
  • Drive continuous improvement across the ISMS, focussing on key strategic areas as defined by the CTO/COO/GC.
  • Support Lewis Silkin's Business Continuity Plan from an information security standpoint.
  • Stay informed and report on emerging threats, trends and developments in information security.
  • Proactively recommend enhancements to the ISMS.

Desirable

  • Solid understanding and experienced practice of IT architecture, organisational governance and information security with regard to management of the ISMS.
  • Experience in implementing and managing an ISMS on an ongoing basis and maintaining ISO 27001:2022 certification in a complex, multi-faceted business.
  • Law firm experience is desirable but not essential.
  • Professional certification in CISSP, CISM or equivalent; ISO 27001:2022 Lead Implementer/Lead Auditor qualifications.
  • There would be the opportunity (if the candidate has the requisite experience) to become involved in managing aspects of the firm's data protection compliance.

Key Competencies

  • Minimum 3 years' relevant experience in information security management or governance roles.
  • Proven experience in implementing and maintaining ISMS and compliance frameworks in highly regulated industries.
  • Proven experience of information security risk management practices such as ISO 27005, ISO 31000 or NIST RMF, and a working knowledge of ISO 27001:2022, Cyber Essentials and other relevant security standards and regulations.
  • Knowledge of global privacy and information security regulations and their requirements.
  • Ability to design and manage a common control framework, and awareness of monitoring tools and methods to ensure security compliance.
  • Experience with incident response procedures and reporting processes.
  • Knowledge of Disaster Recovery processes and testing.
  • Effective relationship management and a collaborative work ethic.
  • Strong communication skills, both verbal and written, with the ability to pitch according to audience and deal with people in a professional, courteous manner in diverse situations.
  • Ability to translate complex technical issues for non-technical stakeholders, and to lead and collaborate with cross-functional teams in a dynamic environment.
  • Ability to work independently with minimal supervision, good time management skills and the ability to prioritise workloads.
  • Business acumen with the ability to take a strategic and commercial view.
  • Up-to-date knowledge of cyber and information security trends and threats.

Additional information

At Lewis Silkin our ethos is simple. We strive to do the best for our clients, our people and the communities in which we operate. We recognise that an inclusive workplace allows for all kinds of ideas and thoughts, a variety of points of view that can trigger discussions or deliver innovative results, and a wide range of versatile skills and expertise. We are proud of the diversity within Lewis Silkin and of our culture that allows people to be themselves at work, ensuring we provide the best possible service to our clients. We are committed to finding the right person for this role and are open to discussing flexible working patterns and office location.
