Information Security Governance Manager

Manage the security governance, risk and compliance activities within the Information Security Team. Working with wider governance functions to support the implementation and validation of security controls. Ensuring that all obligations and certifications are met and ensuring that clients receive assurance as to the security of the data that the firm holds for them.

This role acts as a governance interface between teams within Information Security, Office of General Counsel, Risk & Resilience and wider business functions through building relationships and assisting other team improve their security controls and the firm’s security posture.

Develop and improve the teams’ capabilities in response to changes in technology and business practices whilst keeping up to date with the latest security trends and capabilities.

Main duties and responsibilities

Management

• Management responsibility for a team of 4 people who deliver assurance of the firm’s security controls, respond to client security queries and audits, input into client terms of business and identifying security risks
• Responsible for ensuring that all processes and capabilities are scalable to meet the needs of the business and the demands of its clients

Governance, Control Assurance and Compliance

• Maintain and evolve the information security policy suite, standards, baselines, and control library
• Ownership of internal security compliance practices, controls within DLA Piper International. This currently includes ISO27001:2022, Cyber Essentials +, DISP and other government mandated control frameworks
• Ensuring all certifications are completed successfully each year or audit period;
• Leading on security risk management processes, ensuring they are integrated with wider enterprise risk management capabilities including KRIs
• Provide clear security risk narratives and options to senior stakeholders
• Design and run the control assurance programme (testing, monitoring, evidence collection)
• Coordinate internal/external audits (ISO 27001, Cyber Essentials +, DISP) and manage findings to closure
• Track and report compliance posture, control coverage, and remediation progress
• Accountable for external client audits and pitch responses and ensuring compliance with any security related legislation or client requirements
• Ensuring that the firms security controls are documented and integrated into the Information Security Management System and control framework
• Define and publish security KPIs/KRIs, maturity metrics, and board-ready reporting
• Ensure lessons learned from incidents feed into controls, policy, and security training
• Ensuring the team is focussed on continual improvement in all its processes and that the needs of the business are being met in a timely manner

About you

Whilst not and in-depth technical role, it does require the ability to work with both technical and nontechnical teams in the context of security. The role works closely with Security Architecture and Security Operations teams and has access to their expertise.

• Understanding of professional services organisations and the legal sector
• Extensive experience of security standards and certifications including ISO 27001, Cyber essentials, NIST CSF and DISP
• Have experience of managing teams to ensure requirements are delivered on time
• Able to handle multiple priorities, working to sometimes conflicting timescales in a fast-paced and challenging environment
• Able to build trust and rapport to develop effective relationships, internally and externally
• Have a pragmatic approach to responding to requirements and expectations from the wider business
• Have significant experience of managing security governance and compliance activities in a professional services organisation or other multinational business
• Thorough understanding of risk management concepts and processes
• Recent experience of cloud technologies and organisations making use of SaaS, PaaS and IaaS services
• Knowledge of business continuity standards, physical security and wider operational risks are useful
• Qualifications and certifications in information security, risk management and audit are desirable such as 27001 Lead Implementer/Auditor, CISM, CISA, CRISC or CISSP

About us

We're a global law firm helping our clients achieve their goals wherever they do business. Our pursuit of innovation has transformed our delivery of legal services. With offices in the Americas, Europe, the Middle East, Africa and Asia Pacific, we deliver exceptional outcomes on cross-border projects, critical transactions and high-stakes disputes.

At DLA Piper, we understand that inclusion is not a one-size-fits-all concept. We embrace and celebrate the range of perspectives, backgrounds and experiences that each individual brings to our firm. By fostering a culture that welcomes and appreciates all aspects of our individuality, we ensure that everyone has the opportunity to succeed.

Our commitment to inclusion and positive social impact enables us to provide exceptional service to our clients and communities, while nurturing a unique and inclusive culture for all our people. We welcome the unique contribution that you will bring to our firm and actively encourage applications from all talented people – however your talent is packaged, whatever your background or circumstance and regardless of how you identify.

We are committed to being accessible and accommodating any reasonable adjustments needed throughout the recruitment process to ensure an inclusive experience for all. If you need any support or adjustments, please let us know.

Where local legislation permits, we will conduct relevant pre-engagement screening checks prior to your first day.