Head of Cyber Security
We are looking for a Head of Cyber Security to join the global Information Technology leadership team.
The department
The IT department has approximately 60 staff globally, located in London, Paris, Piraeus, Dubai, Hong Kong, Sao Paulo, Melbourne, Perth, Singapore, and Sydney.
HFW’s Information Technology team’s vision is to deliver a responsive and continuously evolving technology platform, underpinned by a secure, global infrastructure with data and process at its core.
The role
As part of the IT leadership team, the role is responsible for all aspects of cyber security, globally, working closely with the Chief Technology Officer to ensure that the Firm’s systems and data are secure, in line with IT Strategy.
The role requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies. The role is responsible for establishing and maintaining the cyber security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which the Firm operates.
The role will be knowledgeable about both internal and external business environments, and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory and contractual obligations.
The role will be expected to operate at the Skills Framework for the Information Age (SFIA) Information Security, Levels 6 and 7, which includes:
- Directs the development, implementation, delivery and support of an enterprise information security strategy aligned with the business strategy.
- Ensures compliance between business strategies and information security.
- Leads the provision of information security expertise, guidance and systems needed to execute strategic and operational plans.
The role will establish strong relationships with key stakeholders in the business. Effective leadership of a diverse team of technology professionals dispersed globally will be essential to success.
Beyond the core focus, the role will work closely with the Chief Technology Officer and the IT leadership team to develop and implement the Firm’s technology strategy and set the annual budget.
The role is pivotal in ensuring that technology supports the delivery of legal services to HFW’s lawyers and clients, thereby enabling the Firm’s strategy.
The Firm has a flexible approach to working patterns and the workplace, which reflects its global nature.
Key responsibilities
- Determines the cyber security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas.
- Manages the budget for cyber security.
- Lead, manage, develop, coach and mentor the cyber team, comprising the IT Manager, Cyber Security and their team members.
- Develop and deliver a cyber security strategy, including email security/DLP, SASE/SWG/CASB, SIEM, etc., ensuring that the Firm responds and adapts to changes in the cyber threat landscape.
- Management of the cyber security and infrastructure budgets, to ensure value for money and alignment with IT, cyber security, and infrastructure strategies and roadmaps.
- Develops, socialises and coordinates approval and implementation of security policies and procedures.
- Maintain strategic relationships with all relevant suppliers and ensure the timely and effective delivery of IT services.
- Lead and sponsor the maintenance and development of the firm’s IT security controls framework, including the operation of controls and compliance with policies, procedures and standards.
- Lead security operations, including threat monitoring, incident detection, analysis, and response activities.
- Act as control and process owner for security incident management and response. Work closely with key stakeholders to ensure incident response plans are up to date and are effectively tested, including facilitation of tabletop exercises to simulate incident response.
- Define and steer the cyber security programme to implement technical security solutions and controls aligned to industry best practice and the emerging threat landscape.
- Ensure the renewal of accreditations, such as Cyber Essentials + and ISO 27001.
- Attend the Risk Committee.
- Direct the creation of a targeted cybersecurity awareness training program for all employees, contractors and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
- Implement and provide reporting on the effectiveness of HFW’s IT security controls framework, including the operation of controls and compliance with policies, procedures and standards.
- Participate in internal security assessments, internal audits, client audits, compliance certifications, third-party risk management and client security questionnaire responses.
- Progress the professional development of the cyber team to ensure that they remain current in skills and technologies.
- Any other ad hoc duties as required.
Key skills and experience required
- At least 5 years’ relevant experience in a cyber security leadership role in a law firm or comparable organisation operating in a regulated environment.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials.
- Proven experience of working with IT security systems and information security governance, i.e., control frameworks, incident management, operations and application of security best-practices.
- In-depth knowledge of cyber security technologies (e.g., firewalls, Microsoft enterprise cloud services, VPNs, ZTNA, IDS/IPS, SIEM, Juniper MIST, encryption).
- Experience with security standards and frameworks such as ISO 27001, NIST, and GDPR.
- Strong analytical and problem-solving skills, with the ability to interpret and apply complex technical information and to explain cyber security to other members of the business.
- Leadership experience working to support the development and direction of both directly employed and third party employed IT security professionals.
Additional Information
Kindly note that this job description is not contractual. It will be reviewed periodically and may be amended or altered to meet the needs of the firm.
HFW aims to ensure equality of opportunity, and we are actively working towards improving the diversity of our staff. All applications will be considered only on merit and the applicant’s suitability to meet the requirements of the role.
HFW collects and processes personal data relating to job applicants to manage its recruitment process. The firm is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. For information on how the firm will process your data, please see our Privacy Notice on our website, in the section “What we collect and how we use it”.
About HFW
HFW is a sector-focused global law firm. We have over 700 lawyers working across the Americas, Europe, the Middle East, Asia and Australia. We take a progressive approach to our roles in commercial business – thinking creatively and pragmatically to support our clients.
Whether we are solving complex issues within the construction, aviation or shipping industries, or providing advice across insurance, commodities and energy we are specialist lawyers here to add value to our clients. We think about the commercial solution first, and then underpin our advice with a solid foundation of legal expertise.
Entrepreneurial. Creative. Collaborative.