Information Security Manager

Ref: 36208

Our client, a leading professional services firm, is seeking a highly skilled Information Security Manager to join their Information Security & Risk department. This role is crucial in enhancing and managing the firm’s information security management programme while also overseeing the business continuity framework. The successful candidate will be responsible for planning, testing, and training in business continuity and managing third-party security risks. This position also involves conducting business impact assessments, ensuring ISO 27001 governance, policy management, and internal auditing in accordance with global best practices. The role will provide extensive opportunities to contribute to a culture of continuous improvement and resilience across the firm. The position is full-time and will require collaboration with internal teams and external stakeholders.

Job Duties:

  • Lead the development and ongoing management of the firm’s Business Continuity Plans (BCP), ensuring relevance and effectiveness across all jurisdictions.
  • Organise and conduct BCP tests with local business continuity groups, including documentation, reporting, and follow-up of test outcomes.
  • Provide business continuity training and conduct targeted group sessions for employees.
  • Undertake Business Impact Assessments (BIAs) to ensure understanding of Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), system criticality, and dependencies.
  • Manage and complete information security assessments and Due Diligence Questionnaires (DDQs) received from clients.
  • Support outgoing third-party assessments, onboarding, and risk reviews, ensuring compliance with security requirements.
  • Oversee third-party risk management from a security perspective, documenting, reporting, and mitigating risks as necessary.
  • Support ongoing ISO 27001 certification and improve the ISMS (Information Security Management System).
  • Develop and maintain information security policies and procedures in line with best practices and regulatory requirements.
  • Conduct clause-based auditing, policy reviews, and control monitoring as part of the ISO 27001 responsibilities.
  • Liaise with internal and external auditors and regulatory bodies during audits and reviews.
  • Deliver induction and information security training for all new joiners to the firm.
  • Develop and run targeted information security training and awareness programmes for specific business units.
  • Maintain high information security awareness throughout the business via communication and engagement initiatives.
  • Support the firm’s response to information security incidents, including investigation and documentation.
  • Stay informed on the latest trends, threats, and technologies, providing guidance as necessary.
  • Foster a culture of continual improvement, integrity, confidentiality, and resilience within the firm.

Job Requirements:

  • Proven experience in information security management, business continuity planning, and risk management, ideally within a professional services or legal firm environment.
  • Experience supporting and/or maintaining ISO 27001 certification and managing an ISMS.
  • Strong knowledge of business impact assessments, disaster recovery, RTOs/RPOs, and system criticality mapping.
  • Excellent communication and interpersonal skills, capable of delivering effective training and collaborating across global teams.
  • Analytical and detail-oriented, with a proactive approach to risk identification and mitigation.
  • Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CBCP, or equivalent are desirable.

What You’ll Love:

You will love the opportunity to work in a dynamic professional services environment that values inclusion and diversity. Our client is dedicated to creating a workplace where everyone feels valued and respected. You will also benefit from a commitment to making the recruitment process inclusive and comfortable for all candidates. The firm provides a supportive atmosphere for continual professional development while delivering vital services across various jurisdictions. Joining the team offers a chance to enhance security practices and policies significantly, making a tangible impact on the firm's operations.
