Information Security Officer

Posted Today by Sure Exec Search | £56 per hour | Inside IR35 | Hybrid | London Area, United Kingdom

Summary: The Information Security Officer role at a leading London-based law firm involves enhancing the firm's information security framework, ensuring compliance, and managing third-party security assessments. The position requires a proactive individual to lead incident responses and contribute to staff training initiatives. This is a hybrid role with an initial contract duration of six months. The successful candidate will possess strong knowledge of ISO standards and relevant industry certifications.

Key Responsibilities:

  • Act as the first point of contact for internal and external queries on information security governance and controls.
  • Draft, review, and maintain security policies, procedures, and standards, promoting awareness across the firm.
  • Support the maintenance and continuous improvement of the firm’s ISMS.
  • Assess, audit, and manage third-party suppliers’ information security posture, ensuring compliance and remediation of findings.
  • Respond to client security questionnaires, identifying compliance gaps and proposing compensating measures.
  • Conduct information security risk assessments in line with ISO 27001, defining appropriate mitigation controls and treatment plans.
  • Validate implementation of mitigation controls for project deliverables and ensure operational effectiveness.
  • Oversee penetration testing engagements with external providers and coordinate remediation planning.
  • Lead the investigation and response to security incidents, ensuring timely resolution and effective communication.
  • Contribute to the firm’s Cyber Awareness programme, developing and delivering training and communications for staff and third parties.

Key Skills:

  • Strong working knowledge of ISO 27001/27002 and experience implementing and assessing associated controls.
  • Industry certifications such as CISSP, CISM, CRISC (or equivalent).
  • Cloud security expertise, ideally with AWS and/or Azure certifications.
  • Familiarity with ISO 27005 risk management or NIST RMF.
  • Understanding of global Data Protection and Privacy regulations.
  • Proven ability to interpret and respond to client requirements.
  • Strong written and verbal communication skills, with the ability to engage across all business functions.
  • Self-sufficient and proactive, able to work independently or as part of a project team.

Salary (Rate): £56.00/hr

City: London

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Information Security Officer

Location: London

Work Arrangement: Hybrid (1 day on-site)

Rate: £400 - £420 per day (Inside IR35, via Umbrella company)

Duration: 6 months initially

Start Date: Immediate

Our client, a leading London-based law firm, is seeking an experienced Information Security Officer to join their team on an initial 6-month contract. This role will be pivotal in strengthening the firm’s information security framework, driving governance, and ensuring compliance across systems, third parties, and staff awareness initiatives.

Role Responsibilities:

Governance & Compliance:

  • Act as the first point of contact for internal and external queries on information security governance and controls.
  • Draft, review, and maintain security policies, procedures, and standards, promoting awareness across the firm.
  • Support the maintenance and continuous improvement of the firm’s ISMS.

Third-Party & Client Assurance:

  • Assess, audit, and manage third-party suppliers’ information security posture, ensuring compliance and remediation of findings.
  • Respond to client security questionnaires, identifying compliance gaps and proposing compensating measures.

Risk Management & Assurance:

  • Conduct information security risk assessments in line with ISO 27001, defining appropriate mitigation controls and treatment plans.
  • Validate implementation of mitigation controls for project deliverables and ensure operational effectiveness.
  • Oversee penetration testing engagements with external providers and coordinate remediation planning.

Incident Response:

  • Lead the investigation and response to security incidents, ensuring timely resolution and effective communication.

Awareness & Training:

  • Contribute to the firm’s Cyber Awareness programme, developing and delivering training and communications for staff and third parties.

Essential Skills / Experience:

  • Strong working knowledge of ISO 27001/27002 and experience implementing and assessing associated controls.
  • Industry certifications such as CISSP, CISM, CRISC (or equivalent).
  • Cloud security expertise, ideally with AWS and/or Azure certifications.
  • Familiarity with ISO 27005 risk management or NIST RMF.
  • Understanding of global Data Protection and Privacy regulations.
  • Proven ability to interpret and respond to client requirements.
  • Strong written and verbal communication skills, with the ability to engage across all business functions.
  • Self-sufficient and proactive, able to work independently or as part of a project team.

If you are passionate about this opportunity and meet the qualifications and skills outlined, we encourage you to promptly submit your CV for consideration. Please note that the duties mentioned above are not exhaustive, and the role's responsibilities may evolve in response to changing circumstances and requirements.

Sure Commercial Limited (trading as Sure Exec Search) is a proud Equal Opportunities employer and does not discriminate against any candidate on the grounds of age, disability, sex, gender identity, sexual orientation, pregnancy and maternity, race, religion or belief, marriage and civil partnerships, or other applicable legally protected characteristics. Our Diversity, Equity, and Inclusion Policy is available on request.