10 months ago
Senior Manager, IT Security - UK, EMEA
* The role is responsible for IT Security operations, management processes, procedures and related operational documentation within the UK, EMEA regions. Although having regional responsibilities, it is key that this role works closely with the Senior Manager, IT Security, Australia & Asia to ensure consistency and collaboration is fostered.
* The Senior Manager, IT Security will apply risk management techniques to identify security weaknesses and work with all IT teams to mitigate them, using the firm's existing ITIL-aligned change management framework.
* To proactively monitor and manage security logs, and take appropriate and timely action to resolve, educate and escalate where necessary
* Liaise with our outsource partners to ensure accurate reporting and remediation of security issues.
* Ensure that the technical operational procedures and documentation for IT security are up-to-date, relevant and thorough; this extends to departmental documentation, documentation for the wider business and where appropriate for clients
* Maintain an up-to-date and in-depth knowledge of cyber security and associated techniques and technologies, and disseminate this within the function and, where appropriate, within the wider IT team
* To provide users awareness, education and training on IT security
* Supplier Management - Provide advice and input regarding IT security with regards to the departments and firm’s suppliers and partners where appropriate
* To identify potential areas of non-compliance or inappropriate practices, conduct a successful investigation into the circumstances and construct an appropriate response including forming the business case where necessary
* Ensure that the capability is present to identify, investigate and communicate as appropriate, significant IT Security breaches.
* To provide, oversee and manage an IT security assurance function that facilitates the implementation of HSF (UK, EMEA) projects and services in all regions. This includes interactions with 3rd party specialists such as penetration testers where all work must be appropriately approved and managed to preserve the integrity of the service.
* Ensuring that all new HSF (UK, EMEA) projects and changes to existing services are security-impact assessed against HSF's securing controls
* Within an environment of empowered users, provide solutions to their business demands such as greater mobility and flexibility whilst maintaining the security of the firms systems
* Oversee the ISO/IEC27001/2 process, where implemented, to ensure continued certification and continuous improvement
* To provide input to strategic oversight on global information security matters, including projects limited to specific geographic regions and global projects
Skills, experience and qualifications
QUALIFICATIONS, SKILLS & EXPERIENCE:
* Working knowledge of a broad range of security technologies e.g. encryption, multi-factor authentication, endpoint protection, IDS/IPS, access control, vulnerability management toolsets, malware defences, protective monitoring, physical security controls, SIEM
* A good knowledge of current Windows server operating environments, Active Directory and Group Policy
* Solid knowledge of prevalent smart device platforms (BlackBerry 10, iOS, Android) and related security technologies
* Knowledge of network security devices and associated protocols
* Extensive knowledge of ISO/IEC27001/27002:2013
* Awareness of ISO/IEC22301, ISO/IEC27035 and ISO/IEC27005
* Working effectively in a matrix-managed environment
* A minimum of 5 year's relevant IT Security experience preferably within a networking environment
* ITIL Service Management Foundation certification (or equivalent) would be desirable but is not essential
* CISSP or CISM certification would be preferred
Group / Team
Group / Team description
Efficient and effective IT systems are essential to the effective operation of a global law firm like Herbert Smith Freehills. The information technology team keeps our global team of lawyers and the supporting business services staff connected whether we are in the office or on the move.
Information technology is responsible for everything information systems–related. That includes:
* technical support: IT helpdesks, asset management (including laptops and mobile devices) and technical training
* infrastructure: networks and systems, servers (real and virtualised), disaster recovery, business continuity and IT security
* development: designing and acquiring business applications.
While the roles within the division may vary, all involve providing the very best services and systems. You may also have the opportunity to work on challenging projects across the firm.
To succeed, you will have a strong focus on client service, be able to come up with creative solutions and see beyond complexity to identify the core issues facing the business. In return, we can offer a rewarding career at the forefront of the legal and IT professions, with significant scope for professional development
Apply to job