About Ashurst
Ashurst is a leading progressive global law firm with a rich history spanning more than 200 years. We are proud of our history and are future-focused, having expanded into new technologies through our NewLaw division, Ashurst Advance, and our consulting arm. Our in-depth understanding of our clients and commitment to providing excellent standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law. To find out more please visit www.ashurst.com.
Department/Role overview
The Information Security Senior Manager role is a senior role within the Security & Privacy function and is expected to communicate information security strategy and its requirements to all internal and external stakeholders.
The Information Security Senior Manager is responsible for designing, implementing and managing a robust information security framework that aligns with Ashurst's objectives, regulatory, client and insurance requirements. This role ensures that security policies, standards and procedures are effectively developed, communicated and enforced.
The Information Security Senior Manager will oversee information security compliance, risk management and governance activities. This role will work closely with cross-functional teams, including the IT, Risk & Compliance, project management, and technical teams, to ensure Security & Privacy supports Ashurst's business objectives whilst maintaining compliance with relevant laws, standards and best practices.
Main responsibilities
Governance Framework and Strategy
- Implement and maintain information security governance frameworks and policies aligned with internationally recognised frameworks, such as ISO 27001 and NIST CSF.
- Oversee governance tools and frameworks that improve compliance tracking and reporting.
- Manage the information security risk management strategy, which enables proactive identification, assessment and mitigation of risks.
- Drive the development of security policies, standards and procedures that meet industry standards and regulatory, client and insurance requirements.
- Conduct regular reviews of information security structures to ensure they remain effective and current with emerging threats and changes in the business landscape.
Risk Management and Compliance
- Lead the information security risk assessment processes for identifying and evaluating information security risks, applying the Enterprise Risk Management Framework, Information Security Management System and NIST risk management practices.
- Ensure compliance with regulatory, legal, insurance and client requirements.
- Oversee security audits and assessments, supporting remediation efforts and driving continuous improvement in risk posture.
- Maintain up-to-date knowledge of changes in regulations and emerging security risks.
Stakeholder Engagement & Communication
- Collaborate with senior leaders across departments to embed security within business processes.
- Foster a culture of security awareness and ownership, ensuring team alignment with Ashurst goals and values.
- Act as the primary point of contact for information security matters, engaging with internal and external stakeholders.
- Develop and present cyber security governance reports, providing insights on risk posture and program performance.
Continuous Improvement and Incident Response
- Oversee the continuous improvement of information security and risk management processes.
- Support the incident response teams in handling cyber security incidents, ensuring post-incident governance adjustments are implemented.
- Conduct regular maturity assessments against industry frameworks to ensure cyber security processes are advancing.
Supplier Relationship Management
- Collaborate with procurement teams to assess and manage security risks associated with vendors.
- Review vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture.
- Provide guidance to procurement teams regarding security requirements and standards for vendor selection and ongoing monitoring.
Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.
Essential skills and experience
- Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
- Professional certifications such as CISSP, CISM, CRISC or similar credentials are preferred.
- ISO 27001 Lead Auditor or Implementer.
- Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
- Deep understanding of ISO 27001, NIST CSF, COBIT and other security and IT governance frameworks.
- Experience in conducting vendor risk assessments and project security risk assessments.
- Strong analytical, problem-solving and decision-making skills.
- Excellent communication and leadership abilities.
- Attention to detail and a commitment to maintaining high-quality standards.
- Knowledge of data privacy laws and regulations across multiple jurisdictions is a bonus.
Other Responsibilities (as required)
- Other suitable duties, consistent with the duties and responsibilities of the position, as directed by the supervisor or nominated delegate.
Background checks
In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.