We are recruiting for a Security Architecture and Engineering Senior Manager to join the A&O Shearman London office.
About the team
The firm’s ability to keep our clients’ data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world’s large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.
Led by our new CISO, the in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman’s strategy to lead where global complexity creates opportunity.
In addition, you will have the opportunity to share and gain intel from the firm’s cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feedback practical lessons learned into clients’ cyber risk management and incident response programmes.
What you will do
Security Architecture Strategy & Governance
Orchestrate the Security Architecture team in the development and maintenance of a comprehensive security architecture strategy across the firm’s platforms, including M365, legal and risk platforms, legal tech systems, data platforms, AI, infrastructure, and knowledge management.
Ensure that platform-specific security standards, patterns, and design principles which suitably support secure business operations and digital transformation have been defined and are enforced.
Platform Security Oversight
Serve as the security lead for platform-specific architecture, ensuring consistent and scalable security practices across domains (e.g., M365, AI, knowledge, data, and legal tech).
Collaborate with platform owners to embed security early in the lifecycle of new technologies and tools.
Oversee assessments of the security posture of each platform and provide architectural recommendations to mitigate risks.
Security Design and Architecture Assurance
Review and approve security architecture designs for new services, platform upgrades, and major integrations, with a focus on data privacy, identity management, and access controls.
Ensure alignment with firm-wide security policies, particularly in relation to cloud security, data loss prevention, AI governance, and information governance.
Champion zero trust and defence-in-depth strategies across all applicable platforms, ensuring alignment with the strategy and architecture of the Digital Trust team.
Risk Management and Legal Sector Compliance
Drive the identification and remediation of platform-specific security risks by leading discussions with more senior stakeholders and acting as a point of escalations.
Ensure compliance with legal, regulatory, and professional obligations, including client confidentiality, data protection (e.g., GDPR), and audit requirements in architecture and engineering work.
Act as a key liaison with Risk, Legal, and Compliance teams to align platform security with client contracts and industry expectations.
Team Leadership and Cross-Platform Collaboration
Mentor, guide, and manage the performance of a team of platform security architects and engineers.
Foster a culture of knowledge sharing and cross-functional collaboration to ensure platform security requirements are well understood and implemented.
Coordinate with other engineering and technology colleagues to ensure cohesive and complementary controls.
Stakeholder Engagement & Communication
Engage with senior leadership, IT, knowledge, and legal operations stakeholders to advocate for secure technology decisions.
Present risk and architecture insights clearly to non-technical audiences, influencing platform-level security investments and priorities.
What you will have
Extensive experience in a relevant IT or information security role, with, with a strong focus on developing and implementing security architecture strategies across diverse platforms (e.g., M365, cloud, data, AI).
Extensive experience in an information security-relevant leadership role, with a demonstrated track record of leading and mentoring a team of security architects.
At least one relevant, industry-recognised professional certification, such as:
CISSP
CCSP
SANS GIAC.
Extensive experience in designing and implementing secure architectures across cloud, on-premises, and hybrid environments.
Proven experience working in a global organization.
Experience supporting audit and compliance activities related to Security Architecture and Engineering.
In-depth knowledge of security architecture and engineering principles, technologies, and best practices.
Strong written and verbal communication, interpersonal, and leadership skills with the ability to collaborate with colleagues across the business and with external parties.
You will stand out if you bring
Bachelor’s degree in Computer Science or a related field.
Additional certifications such as CISA, CISM, CCIE, CRISC, or other SANS credentials.
Experience within the legal or professional services sector.
Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.
We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing an onsite gym, wellbeing centre and GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, season ticket loans and online discounts and lifestyle management services.
Our approach to hybrid working seeks to combine and maximise the benefits of effective remote working with the benefits of being in the office. Our current hybrid working arrangements require office based working for a minimum of 60% of your time (i.e. three days per week for a full time role) in accordance with our hybrid working policy.
