
Information Security Manager

Job in Leeds, West Yorkshire, ME17, England, UK
Listing for: Stewarts
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below

Information Security Manager – Stewarts

We are looking for an Information Security Manager to join our IT team in London.

Job Responsibilities
  • Develop and deliver the firm’s information security strategy and roadmap.
  • Provide subject matter expertise and guidance on information security to partners and staff.
  • Lead and mentor a small team, fostering professional growth and development.
  • Lead the implementation and ongoing management of ISO 27001, including policy and control implementation and stakeholder engagement.
  • Own the information security risk management process, including risk assessment, and risk / information asset register maintenance.
  • Lead the development, implementation, and review of security policies, standards, and procedures.
  • Ensure compliance with ISO 27001 and Cyber Essentials Plus.
  • Oversee third-party risk management, including onboarding/offboarding and ongoing due diligence.
  • Coordinate and respond to client audits and assurance activities.
  • Maintain awareness of the current cyber-risk landscape for the firm and factor it into the annual strategic cyber-plan.
Security Operations
  • Own and manage the relationship with the firm’s Managed Security Operations Centre (SOC), acting as the primary point of contact, ensuring service levels are met, and coordinating incident response.
  • Oversee operational security including server and endpoint protection, M365 security, identity and access management, vulnerability assessments, patching, and system hardening.
  • Manage security monitoring activities and support business continuity and disaster recovery initiatives.
  • Monitor emerging threats, advising the business on risk and required actions.
  • Renew the firm’s Cyber Essentials Plus certification on an annual basis.
Security Projects
  • Lead the delivery of security projects, ensuring they are completed on time, within scope, and aligned with the firm’s strategic objectives.
  • Collaborate with project managers and business stakeholders to integrate security requirements into both IT and non-IT projects ensuring Secure by Design principles are embedded from the outset.
  • Work with cross-functional teams to identify, assess, and mitigate security risks in business initiatives.
Stakeholder Engagement & Communication
  • Act as the primary point of contact for information security matters across the business.
  • Develop and deliver security awareness training for partners and staff.
  • Represent the firm in external security forums and with clients as required.
  • Prepare quarterly information security management reports for the CIO and Executive Committee.
Key Skills and Experience
  • Extensive experience in information security management, ideally within professional services environments.
  • Proven management capabilities, including team management and effective stakeholder engagement.
  • Hands‑on expertise in ISO 27001 implementation and certification, from development through to successful audit.
  • Experience of successfully completing Cyber Essentials Plus audits and a solid understanding of UK GDPR requirements.
  • Demonstrated ability to manage third‑party security relationships.
  • Strategic, pragmatic, and business‑aligned approach to security risk management and decision‑making.
  • Highly desirable certifications such as CISM, CISSP, or ISO 27001 Lead Implementer.
Broad Technical Proficiency Across
  • Endpoint Security: EDR solutions and endpoint management platforms.
  • Microsoft 365 / Entra  protection, Conditional Access, MFA, and Privileged Identity Management (PIM).
  • Security Monitoring & Operations: SIEM platforms and SOC processes.
  • Network Security: Firewalls, web application firewalls, and VPN technologies.
  • Encryption: PKI and data encryption for both data at rest and in transit.
  • Email Security: Mimecast and Exchange Online, Tessian plus SPF/DKIM/DMARC configuration.
  • Backup and Recovery Systems: On‑premise and Cloud backup solutions.
  • Experience of project management disciplines (e.g. Prince2, Agile) is desirable.
  • Well organised, uses initiative, prioritises appropriately, applies self, shows attention to detail, manages own workload and meets deadlines
  • Demonstrates excellent communication and interpersonal skills (respectful, positive, articulate, professional and sympathetic)
  • Delivers helpful internal services with a “can do” approach, shows commercial awareness and represents the department/firm appropriately
  • Shares information and ideas
  • Accepts and follows instructions, listens, makes notes, questions appropriately, co-operates
  • Shows sound judgement and decision‑making skills; acts within boundaries
  • Shows commitment, passion and enthusiasm
  • Is a respectful, reliable and supportive team player
  • Reflects the firm’s culture.
Seniority level
  • Mid‑Senior level
Employment type
  • Full‑time
Job function
  • Legal and Information Technology
  • Law Practice

Location:

London, England, United Kingdom
