We are currently recruiting for a Security Innovation Manager to join our Global Information Security team in London or Belfast. This role is a key member of the Global Information Security team. The job is focused on seven outcomes:
- Define the cyber and information security strategy for Legal Tech collaboratively lead the definition of a strategy for security for Legal Tech ensuring that the strategy supports the pillars of a) fail quickly (safe agile solution prototyping for legal tech) b) Cloud first (robust security for public cloud enabled services). Collaborate with the Legal Tech technical team, The Lead Architect Security Assurance, The CISO and the wider technology team to ensure the strategy protects sensitive data touched by Legal Tech solutions at all times globally.
- Know the solution providers take time to build relationships with the legal innovation solution providers and to understand their technologies and security challenges. Provide awareness training sessions concerning security good practice and enthuse and promote the benefits of good information and cyber security within the solution provider cohort.
- Track new legal innovation projects and sign off security postures maintain an accurate view of all the legal innovation projects and their status within the security by design process such that each project has i) An associated documented IS risk assessment ii) An associated documented IS controls framework definition iii) Sign off for their risk assessments and controls definitions from the Information Security team.
- Track live legal innovation services and assure security postures maintain an accurate view of all the legal innovation services in operation and perform regular assurance checks to ensure the appropriate security controls remain in place operationally.
- Provide risk assessment and control definition assistance and best practice provide technical teams within legal innovation and across IT with guidance and input concerning good practice when conducting security risk assessments help the teams to produce good insightful effective assessments. When necessary produce the assessments personally in order to provide examples. Further, provide guidance and input concerning good practice when defining IS controls in order that solution control definitions are effective.
- Define the IS risk assessment and controls definition strategy for the firm collaboratively develop and promote the strategy and manage and mature the IS risk assessment method for legal innovation including the production of standardised risk libraries as the method becomes more mature. Ensure “how to” documentation is available and that training is also available. Own and manage and mature the security controls definition method for legal innovation including the production of standardised control libraries as the method becomes more mature. Ensure “how to” documentation is available and that training is also available.
- Manage independent assurance (pen test) before legal innovation projects go live organise and manage pen tests and subsequent security remediation.
- Works closely with the Digital Security Manager (London).
- Works with the Associate Director for Legal Technology (London).
- Works with the CISO (London)
Role and responsibilities
- Define the cyber and information security strategy for Legal Tech globally.
- Know the solution providers.
- Track new legal innovation projects and sign off security postures.
- Track live legal innovation services and assure operational security postures.
- Provide risk assessment and control definition assistance and best practice.
- Define the IS risk assessment and controls definition strategy for the firm.
- Manage independent assurance (pen test).
- Demonstrate experience of IT security and IT infrastructure security and in particular cloud security architecture approaches for Microsoft Azure.
- Be educated to degree level ideally in Computing Science or Information Security or Cyber Security.
- Be familiar with IS risk assessment and the process of documenting and evaluating IS risks in conjunction with designing technical security controls to manage the risk.
- Demonstrate energy, tenacity, and the ability to deliver in time critical and sometimes demanding situations.
- Have an implicit sense of placing technology and data risk in a business context by pro-actively developing a sound understanding of how the business harnesses data and technology.
- Be an effective problem solver and be able to work with technical teams locally and globally.
- Position the benefits of good security and champion the security perspective particularly in advance of signing off risks assessments and controls definitions.
Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of Allen & Overy’s recruitment team who will work with you to provide any reasonable adjustments as required.
We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic
At Allen & Overy, we recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing an onsite gym, wellbeing centre and GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, season ticket loans and online discounts and lifestyle management services.
Allen & Overy recognises the value of flexible working and embraces hybrid working, allowing our people to work from home up to 40% of their working time. We do however remain committed to working together in person for the remaining 60% of time so that we can learn, grow and succeed together. If you would like additional flexibility we will of course consider this in line with business needs.
Additional information - External
Allen & Overy is a leading global law firm operating in over thirty countries. We work on some of the most challenging and important deals and have built a reputation for delivering exceptional legal solutions that help our clients grow, innovate and thrive. The legal industry is changing, and we're committed to leading that change, putting our people first, embracing new ways of thinking and integrating technology into our everyday work. Our business teams work hand-in-hand with our lawyers, Consultants and other specialist teams, and are ambitious, driven and leaders in their field.
With us, you will constantly be learning and growing. We invest in you by offering exceptional professional and personal development – providing training, mentoring and practical support. We offer rewarding careers that are built around your strengths and designed to ensure you can achieve your personal and professional goals, recognising that those may look different for everyone.
We have a powerful commitment to diversity, equity and inclusion. We’re determined to play our part in advancing a workplace where progress is made by harnessing our differences – whatever defines you, we ask you to bring your whole self to work.
What truly defines a career at Allen & Overy? We recruit the best and ask for the best of you. We provide challenge, support and a place for you to belong. And together we excel, working on meaningful projects of global significance.