Permanent

Head of Information Security

Bristol
£150,000-200,000 per annum
Posted Yesterday

Overview

The Head of Information Security reports into the Director of IT and is responsible for all aspects of the information and cyber security programme across the firm. Developing, maintaining, and enforcing security requirements to ensure the firm is appropriately protected, the Head of Information Security will work closely with IT and other business teams to ensure the firm's information security requirements and obligations are met; information security risks are managed; and the information security strategy aligns with the firm's strategy.

Responsibilities

  • Maintain and develop the information security function, strategy, and programme, aligned with RPC's strategic objectives and fulfilling legal, regulatory, and contractual requirements
  • Provide leadership on information security and serve as an expert advisor to the senior leadership team on matters concerning information and cybersecurity, information risk management, as well as emerging threats and security technologies
  • Oversee the management of security operations to ensure systems, controls, processes, and practices adequately protect the firm, and enable it to detect and respond to current and evolving cybersecurity threats
  • Oversee the management of business continuity and cyber resilience, including crisis management, business continuity and disaster recovery planning, to ensure the firm is resilient to operational and cybersecurity events
  • Oversee the management of the information security policies, standards, guidelines, and procedures, to ensure appropriate information security governance is in place
  • Identify, assess, monitor, and mitigate information security risks, including supply chain risks
  • Ensure compliance with the relevant laws, regulations, industry standards, and client-driven information security requirements
  • Line management of the information security team delivering security operations, business and cyber resilience, and information security governance, risk and compliance
  • Collaborate with key stakeholders and integrate information security best practices into operations and decision-making processes, and work with other delivery teams to ensure security by design principles are applied
  • Prepare submissions for, and chair, the Information Security Steering Group
  • Provide regular reports to senior stakeholders comprising strategy and programme updates, risk management activities, and key performance and key risk indicator data
  • Maintain and develop robust incident response and management procedures, and provide timely reporting of security incidents to appropriate parties
  • Monitor the cybersecurity threat landscape and advances in cybersecurity technologies, and explore innovative solutions to enhance the overall security posture of the firm
  • Proactively identify security deficiencies or opportunities for improvement and facilitate the development of commercial and pragmatic solutions
  • Foster a culture of cyber security awareness through regular training programmes for people at all levels of the organisation
  • Provide information required to fulfil the security requirements of client audits, due diligence questionnaires, pitches, tenders, and non-client security audits and questionnaires
  • Management of third parties and the performance of managed service providers
  • Manage the information security budget in conjunction with the finance and procurement teams, and prepare and represent business cases for information security investments
  • Ensure the renewal of accreditations such as Cyber Essentials Plus

Qualifications

  • Demonstrates a growth mindset and is committed to lifelong learning and to building knowledge and expertise
  • A minimum of 10 years' experience in information security roles with increasing responsibility; prior experience as a Head of Information Security or equivalent strongly preferred; prior experience in law firms or professional services is desirable
  • Strong knowledge of security and data privacy regulations, global information security standards, best practices, and security controls and frameworks such as ISO27001 and NIST-CSF
  • Excellent leadership skills, both in line management and as part of the IT and business services senior leadership teams
  • Excellent verbal and written communication skills, adjusting style and content to suit the recipients and audience
  • Proven success in building high-performing teams who deliver the required business and security outcomes
  • Knowledgeable about IT and security technologies and best practice
  • Experienced in risk management strategies, assessing security risks, and advising on commercial risk management strategies
  • Working style and approach is collaborative, builds trust, and is diplomatic and supportive
  • Knowledgeable about the legal obligations and compliance frameworks relevant to a legal firm
  • Provides thought leadership and technical input to support informed decision making
  • Experienced working in fast-paced and dynamic environments
  • Capable of working with details at a tactical level, as well as operating at a strategic level
  • Holds an information security certification such as CISSP, CISA or CISM
  • Highly resilient and able to work well under pressure

Diversity, equity, inclusion and belonging: We are problem solvers. Whether in front of clients or behind the scenes. To solve problems creatively for clients, we need diverse collaborative thinking; drawing on different experiences, backgrounds and perspectives. That means that everyone who either applies to, or works for, the firm is treated equitably. We believe in removing barriers to equal access not least because our people define us and define what we do. If you need support and adjustments to do your best work, whether that's during the recruitment process or throughout your time at RPC, we're here to .....
