Head of Information Security
New Yesterday
Overview
Role Overview: The Head of Information Security reports into the Director of IT and is responsible for all aspects of the information and cyber security programme across the firm. Developing, maintaining, and enforcing security requirements to ensure the firm is appropriately protected, the Head of Information Security will work closely with IT and other business teams to ensure that the firm's information security requirements and obligations are met, information security risks are managed, and the information security strategy aligns with the firm's strategy.
Responsibilities
- Maintain and develop the information security function, strategy, and programme, aligned with RPC's strategic objectives and fulfilling legal, regulatory, and contractual requirements
- Provide leadership on information security and serve as an expert advisor to the senior leadership team on matters concerning information and cybersecurity, information risk management, as well as emerging threats and security technologies
- Oversee the management of security operations to ensure systems, controls, processes, and practices adequately protect the firm, and enable it to detect and respond to current and evolving cybersecurity threats
- Oversee the management of business continuity and cyber resilience, including crisis management, business continuity and disaster recovery planning, to ensure the firm is resilient to operational and cybersecurity events
- Oversee the management of information security policies, standards, guidelines, and procedures, to ensure appropriate information security governance is in place
- Identify, assess, monitor, and mitigate information security risks, including supply chain risks
- Ensure compliance with the relevant laws, regulations, industry standards, and client-driven information security requirements
- Line management of the information security team delivering security operations, business and cyber resilience, and information security governance, risk, and compliance
- Collaborate with key stakeholders and integrate information security best practices into operations and decision-making processes, and work with other delivery teams to ensure security by design principles are applied
- Prepare submissions for, and chair, the Information Security Steering Group
- Provide regular strategy and programme updates to senior stakeholders, including risk management activities and key performance and key risk indicator data
- Maintain and develop robust incident response and management procedures, and provide timely reporting of security incidents to appropriate parties
- Monitor the cybersecurity threat landscape and advances in cybersecurity technologies and explore innovative solutions to enhance the overall security posture of the firm
- Proactively identify security deficiencies or opportunities for improvement and facilitate the development of commercial and pragmatic solutions
- Foster a culture of cyber security awareness through regular training programmes for people at all levels of the organisation
- Provide information required to fulfil the security requirements of client audits, due diligence questionnaires, pitches, tenders, and non-client security audits and questionnaires
- Management of third parties and the performance of managed service providers
- Manage the information security budget in conjunction with the finance and procurement teams, and prepare and represent business cases for information security investments
- Ensure the renewal of accreditations such as Cyber Essentials Plus
Knowledge, Skills And Experience
- Demonstrates a growth mindset and is committed to lifelong learning and to building knowledge and expertise
- A minimum of 10 years' experience in information security roles with increasing responsibility; prior experience as a Head of Information Security or equivalent strongly preferred; prior experience in law firms or professional services is desirable
- Strong knowledge of security and data privacy regulations, global information security standards, best practices, and security controls and frameworks such as ISO27001 & NIST-CSF
- Excellent leadership skills, both line management, and as part of the IT and business services senior leadership teams
- Excellent verbal and written communication skills, adjusting style and content to suit the recipients and audience
- Proven success in building high performing teams who deliver the required business and security outcomes
- Knowledgeable about IT and security technologies and best practice
- Experienced in risk management strategies, assessing security risks, and advising on commercial risk management strategies
- Working style and approach is collaborative, builds trust, and is diplomatic and supportive
- Knowledgeable about the legal obligations and compliance frameworks relevant to a legal firm
- Provides thought leadership and technical input to support informed decision making
- Experienced working in fast paced and dynamic environments
- Capable of working with details at a tactical level, as well as operating at a strategic level
- Holds an information security certification such as CISSP, CISA or CISM
- Highly resilient and able to work well under pressure
Diversity, equity, inclusion and belonging
We are problem solvers. Whether in front of clients or behind the scenes. To solve problems creatively for clients, we need diverse collaborative thinking; drawing on different experiences, backgrounds and perspectives. That means that everyone who either applies to, or works for, the firm is treated equitably. We believe in removing barriers to equal access not least because our people define us and define what we do. If you need support and adjustments to do your best work, whether that's during the recruitment process or throughout your time at RPC, we're here to help.
Flexible working that supports your commitments outside of work is an important part of our culture and, where possible, we will support this across all roles. Please get in touch with our recruitment team if you have any questions about our hybrid working approach or flexible working policy.
Seniority level
- Executive
Employment type
- Full-time
Job function
- Information Technology
- Industries: Law Practice
- Location: Bristol, England, United Kingdom
- Salary: £150,000 - £200,000
- Job Type: Full-time
- Category: IT & Technology