We are currently recruiting for a Digital Security Manager to join our Information Security team in either Belfast or London.
This role will support the Chief Information Security Officer (CISO) with development of the 4 year strategy for Information Security within the firm. They will be the lead subject matter expert for technical incident response in InfoSec including complex technical security investigations and will consult across technology and within the firm’s innovation function ‘Fuse’ to provide security advice concerning safe designs for IT solutions and services. The successful candidate will own and maintain the Information Security Risk Assessment method and artefacts for the firm. In addition they will asist the client security assurance team when they are addressing complex technical control questions.
Role and responsibilities
- Support the CISO with the development of the Information Security Strategy for the global firm.
- Support the CISO with the development of Information Security communications materials including intranet articles and security training videos.
- With the Senior Manager Security and Data Compliance in Belfast drive the simplification and automation agenda within InfoSec ensuring technology reuse is maximised and InfoSec is well positioned for a DEV/SEC/OPS software deployment approach and a digital identity centric information protection model.
- With the Information Security Architect collaboratively lead on the AS-IS and TO-BE security architecture and the roadmap and lift both the clarity and granularity of security architecture description with a focus on making cloud use operationally safe whilst constructively challenging any gaps between vendor marketing statements and objective measured security capabilities.
- Act as one of a small group (usually less than three) of technical incident responders within the InfoSec function who will operationally lead the technical aspects of InfoSec response during a InfoSec incident. This role involves coordinating across InfoSec and the IT function as well as with other departments in the firm sometimes in time critical situations.
- With the Information Security Architect lead the embedding and strengthening of the “secure by design” process in the IT design lifecycle and own the standardised IS Risk assessment process and artefacts for the firm globally, in addition own the definition of the remediating controls process (and it’s associated artefacts) in the IT design process.
- Be the prime InfoSec stakeholder for security within our innovation team (Fuse) and help them embed a agile DEV/SEC/OPS model from a security perspective whilst maintaining agility of response to legal practice teams and client requirements.
- Drive better connection with the line of business within InfoSec by a) Conducting business centric security testing which builds an ongoing conversation with practice groups and support functions. b) Developing and embedding business centric security assessment and "report of findings" approaches and skills.
- Actively support the "value from data" drive and data team within IT.
- Work directly with the CISO to deliver change projects across the Information Security capability globally. Examples of which might be to a) assess the as-is skills sets of the whole InfoSec team and agree broad skills development goals across the function b) Further enhance threat hunting and technical vulnerability management within the firm.
- In collaboration with the Global InfoSec Risk and Compliance Manager support of the transformation of the security assurance framework in A&O from a focus on co-located traditional data centre technology to cloud based services.
- In collaboration with the Global InfoSec Risk and Compliance Manager drive the service to assess the information security maturity of third parties and in particular that of new suppliers as they are presented within the procurement process.
- Support client requests for Information Security audit responses. Formally providing clients with assurance that A&O meets their Information Security standards. This job duty can involve attending face to face audit meetings with a client auditor and also the providing advice to those who are preparing and submission of client audit responses.
- Work with project teams within the wider IT and business to provide:
- Clear guidance on the policy stance taken by InfoSec on the relevant security issues highlighted by the project (reflecting our stance with clients).
- Assessing and formally signing off InfoSec Risk assessment produced by project teams during the development of a IT service.
- Assessing and formally signing off InfoSec controls definitions produced by project teams as part of their design work in order to confirm that a project has met InfoSec requirements.
- Providing SME concerning how a particular security control might be designed for the project and how new controls may be introduced into the infosec controls list in the firm.
- Providing leadership input (for the security operations team) of security analysis and tickets presented by our security supply chain including our global 24x7 MSSP.
- Attend architecture reviews and providing guidance such as confirming the acceptability of the security solution / control designs presented in the review.
- Deliver security awareness training to medium size groups.
- Deliver customised security training within the InfoSec team.
Allen & Overy LLP is committed to being an inclusive employer and we are happy to consider flexible working arrangements.
Additional information - External
Allen & Overy is a leading global law firm operating in over thirty countries. By turning our insight, technology and talent into ground-breaking solutions, we’ve earned our reputation as a firm that leads the industry and opens up new possibilities in law. Our lawyers are leaders in their field – and the same goes for our support teams. Ambitious, driven and open to fresh perspectives, we find new ways to deliver our services and maintain our reputation for excellence, in all that we do.
The nature of law is changing and with that change brings unique opportunities. We are defined by our consistent commitment to creating a collaborative and supportive working culture and investing in your progress. We’re committed to supporting a culture that drives diversity and inclusion. Every day, we’re working hard to create an environment where you feel you can bring your authentic self to work. To be comfortable and confident to be who you are in the workplace. To feel like you belong. We offer rewarding careers that are built around your strengths and designed to ensure you can achieve your personal and professional ambitions. Joining our global team, you’ll discover what collaborating on a global scale really looks like; you’ll learn how to help drive change; and you’ll be at the heart of an organisation that’s defining the future of law. If you’re ready to find a place to thrive: It’s Time.