Chief Information Security Officer

Posted a month ago

  • London, Greater London
  • Any
  • External
  • Expired - 2 months ago
Job Description

This is an exciting job opportunity in London for an experienced Information Security Officer who wants to take their career to the next level. The position involves advising an international law firm on information security and managing the risks associated with it. To be eligible for this role, you must have experience in obtaining ISO 27001 certification, as well as in developing and implementing ISO 27001 policies and frameworks for law firms. You will work with the risk committee and senior leadership team, handling inquiries and issues from both internal and external parties.

Job Responsibilities:

  • To inform and advise the Group in respect of information and cyber security risks and issues.
  • Responsibility for defining, developing and managing the Group’s information security strategy and ongoing development programme.
  • To define and embed the ISO 27001 Information Security Framework across the Group that addresses the needs of the business, its staff, clients, and other external stakeholders in line with relevant legislation and industry standards.
  • Drive and deliver continuous improvement to the Group's Information and Cyber Security systems, processes and procedures.
  • Develop and lead an effective, high-performance Information Security and Data Protection function.
  • Establish and maintain clear and measurable Information and Cyber Security strategic plans, budgets and targets, and robust and fit-for-purpose operational procedures and deliver continuous improvements that ensure all elements of the service represent the best value for money.
  • To be the point of escalation for all information security alerts and breaches and coordinate responses via incident management protocols.
  • To conduct regular monitoring to ensure security practices, policies and procedures are being followed, evidencing Group compliance as required by appropriate certifications, identifying areas for improvement, making recommendations to address identified failures, agreeing remedial actions and timelines for delivery.
  • Ensure management information is fit for purpose and is available on a timely basis to the Group's Risk Committees, Boards and Regulatory Authorities.
  • Collaboration with the Technology department to ensure that the Group’s security practices meet all applicable requirements.
  • To manage all client and regulator requests for detail on the Group’s information security controls (client audits / questionnaires).