Job type: Full-time

Job content

The Freeths Group is one of the UK’s leading regional law practices. We offer services to both commercial and private clients across the entire legal spectrum. We operate from offices in Birmingham, Bristol, Derby, Leeds, Leicester, Liverpool, London, Manchester, Milton Keynes, Nottingham, Oxford and Sheffield.

The firm has a wide range of clients throughout the UK with many clients having strong international connections. We have over 150 partners and more than 800 members of staff in total.

Our client base reflects our nationwide strength and our nationwide service delivery. We are committed to continuous improvement and our increasing success as a business is built on achieving success for our clients. We work in close partnership with clients, providing positive, practical solutions and clear, comprehensive advice.

Our aim is to attract and retain the most talented people, and part of this is providing a great place to work. So, to support fairness and equality and to encourage a healthy work-life balance, we continually monitor and improve our benefits.

We are proud that what we have achieved has been recognised over the past few years: we have been awarded Best Companies star status on a number of occasions and have featured in the Sunday Times 100 Best Companies to Work For. We are also a silver standard accredited Investor in People Company, which means we are recognised for our efforts to improve workplace engagement, leadership, personal growth, wellbeing, team working and our impact on society.

We are looking for a talented Head of Information Security to join our growing team. This role can be based anywhere within the UK (except London), with occasional travel to UK sites. Reporting to our Chief Technology Officer, this role will:

Provide a first point of contact for all information security & cyber related events with the business, for clients and regulators. Be the firm’s resident expert in all matters of Information Security risk and cyber management and system defences.

Define, deliver and lead a credible information security/cyber strategy.

Own, drive and uphold the ISO27001 and other appropriate accreditations.

Working with the IT group and the Risk and Compliance functions, map cyber risk giving rise to tactical and strategic mitigation activity.

Have a good understanding of information security maturity models and their application, NCSC and NIST frameworks, and other emerging or appropriate bodies and approaches.

Capitalise on professional networks to inform and gauge approaches to cyber defences, current tools and present thinking.

Manage a small information security team.

Key responsibilities will include:
  • Design, articulate and lead Information Security/cyber strategy.
  • Build an annual plan and budget for InfoSec activity leading to a pragmatic operational security framework.
  • Attend external events as required/represent the firm.
  • Create policy, guidelines and process, typically around key touchstones:
      • Asset protection
      • Security Management
      • Identity Governance/intelligence
      • Access Management
      • Privileged Account Management
      • Program Management
      • Risk Management
      • Compliance and Assurance
      • Privacy
      • BCP
  • Qualify supply lines
  • Represent the CTO within the business on all InfoSec activities, presenting to partner/lawyer groups or the board.
  • Chair the ISMF monthly meeting and be part of the risk management framework.
  • Lead any investigations, reporting (board, ICO, SRA, other), remediation and education following a compromise.
  • Manage the skills and welfare of a small security team ensuring process and discipline are upheld without exception.
  • Build a working relationship with internal compliance.
  • Respond to and represent the business internally and externally on all matters around information security.
  • Liaise with the ISO accreditation organisation and other bodies for certifications.
  • Educate the business on sound Information Security and cyber governance.
  • Structure and deliver internal security audits.
  • Maintain ISO27001 and other accreditations as appropriate.
  • Search and select appropriate technologies to solve real risk issues.
  • Be involved and guide all projects from a security and continuity perspective.
  • To follow all the Firm’s policies and procedures.
The above is not an exhaustive list of duties and you will be expected to perform different tasks as necessitated by your changing role within the organisation and the overall business objectives of the organisation.

We are looking for the following skills & experience:
  • Able to see and plan for the future, building both strategic and tactical plans. Understands the wider world that Freeths operates in.
  • Demonstrate problem solving skills.
  • Awareness of market leading tools and techniques.
  • Working knowledge of ISO27001 and its use as a business improvement technique.
  • Clear ability to engage with both technical and non-technical audiences.
  • Make contributions towards tender documentation and materials for prospective new clients.
  • Deep understanding of IT infrastructures and network techniques.
  • Experience of disaster recovery and business continuity.
  • Can construct policy and author procedural documentation.
  • Thorough and meticulous planning abilities – highly organised.

Deadline: 12-07-2024
