Global InfoSec Risk & Compliance Senior Manager

Allen & Overy LLP
London (Central), London (Greater)
Closing date
11 Mar 2023


Vacancy Type
IT, Other specialist roles, Risk Management
Contract Type
Experience Level
Senior Manager, Manager
Role Classification
Other Professional

Job Details

Job description

We currently have an amazing opportunity for a Global Information Security Risk & Compliance Senior Manager to join us to lead on all InfoSec risk and assurance related matters for the InfoSec, IT, and Client Audit teams.  Duties will include:

  • Client InfoSec requirement compliance – In partnership with the Client Audit Team, manage the process by which our clients audit A&O's information security controls. Review changes in client requirements in order to verify A&O's capability to comply, or recommend investment cases to meet control gaps. Prepare for and attend client audit meetings / visits. Liaise directly with senior client and internal stakeholders when negotiating control changes. Manage the workload of a team of international InfoSec assurance analysts in order to maintain the flow of client audit and remediation requests. Be the operational champion for process efficiency work and self-service projects in this space.
  • InfoSec framework maintenance and governance – Own the maintenance of the ISO27000 series and SOC2 frameworks for the firm. Conduct the annual policy review & sign-off, and manage the process of external audit (at least 3 a year across multiple locations) of the frameworks. Prepare for and manage the ISO27001 and SOC2 governance meetings across the firm, bringing together senior stakeholders to review and to challenge progress.
  • Technology risk process and the IT elements of annual financial audit – Lead the quarterly cycle of reviewing and confirming the IT Risk Register with senior management in IT. Manage the IT controls component of the annual external financial audit.
  • Client facing incident response – In the event of an incident which requires client interaction, work alongside the CISO to co-ordinate and front client-facing InfoSec incident reporting and discussions.
  • Global Security Champions community and InfoSec awareness materials – Lead regional security champions' knowledge sharing, training, and certification programmes. Make updates to the firm’s annual InfoSec compliance training and global InfoSec awareness training as and when required.
  • Behavioural security testing – Lead initiatives which test behavioural compliance with InfoSec standards, including the global phishing testing, training and reporting capability within the firm.

Role and responsibilities
Business / IT Strategy

  • Support the CISO in clearly understanding risk across the IT and Shared Services functions.
  • Support the CISO and Security Architects in contributing to the selection of appropriate technology solutions to fulfil security & business requirements.
  • Support the CISO in developing and maintaining successful internal and external business relationships (at senior level) in order to understand existing and emerging InfoSec & Cyber risks.

Supplier Management

  • Maintain a broad understanding of how the organisation sources, deploys and manages external partners.
  • Support the CISO in ensuring that supplier performance is properly monitored and regularly reviewed as defined by the Supplier Management Framework.
  • Support the CISO in providing advice on policy and procedures covering the selection of suppliers, tendering and procurement.
  • Work closely with the Procurement team to ensure all areas of commercial negotiation are documented and adhere to the Supplier Management processes.

Risk Management

  • Operate the IT Risk Management framework for IT.
  • Coordinate and monitor the development of risk treatment plans.

Quality, Methods & Tools

  • Facilitate improvements to processes using industry best practices, typically using recognised frameworks such as ISO27001 and SOC2.
  • Support the CISO with the design and delivery of communication and training activities to update and refresh colleagues’ knowledge on quality standards.
  • Take responsibility for the control, update and distribution of quality standards and advise on their use concerning InfoSec compliance.

Information Security

  • The role holder is expected to consider all aspects of IT Risk Management as well as Information Security Compliance and Assurance.  A clear and demonstrable understanding of all aspects of Information Security is required, along with the ability to promote awareness and encourage compliance with Information Security principles. 

Key requirements
Business Competencies

  • Ability to develop good working relationships across the firm and effectively share knowledge between individuals and teams to contribute to the overall effectiveness of project and service improvement work.
  • Commercial acumen including an understanding of the overall picture of how technology adds value to the business.
  • High level of personal credibility, impact and influence at all levels of the organisation.
  • Excellent communication and presentation skills, both oral and written.
  • Ability to manage ambiguity and often conflicting priorities.
  • Highly self-motivated, self-starter, who will undertake all activities to the highest professional standards.
  • Experience of working in a global environment with an appreciation of multiple cultures.


  • Detailed practical knowledge of Cyber Security, particularly with regard to Cloud security, IT data network security and general IT infrastructure and software security.
  • Expected to have a solid understanding of all major technologies used in Cyber Security including cloud technologies.
  • Knowledge of technology trends.
  • Knowledge and experience of working in ITIL environments.


  • Extensive experience of Information Security and Cyber security leadership, ideally within a law firm.
  • Track record of managing small teams across multiple locations globally.
  • Some technical as well as policy background preferred, with a wide range of experience across multiple technical areas.
  • Proven experience of balancing technical, commercial and other issues to deliver business advantage.
  • Experience in contract specification and schedule production.
  • Experience of security and IT risk management.


Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of Allen & Overy’s recruitment team who will work with you to provide any reasonable adjustments as required.

We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.

At Allen & Overy, we recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing an onsite gym, wellbeing centre and GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, season ticket loans and online discounts and lifestyle management services.

Additional information - External

Allen & Overy is a leading global law firm operating in over thirty countries. We work on some of the most challenging and important deals and have built a reputation for delivering exceptional legal solutions that help our clients grow, innovate and thrive. The legal industry is changing, and we're committed to leading that change, putting our people first, embracing new ways of thinking and integrating technology into our everyday work. Our business teams work hand-in-hand with our lawyers, Consultants and other specialist teams, and are ambitious, driven and leaders in their field.

With us, you will constantly be learning and growing. We invest in you by offering exceptional professional and personal development – providing training, mentoring and practical support. We offer rewarding careers that are built around your strengths and designed to ensure you can achieve your personal and professional goals, recognising that those may look different for everyone.

We have a powerful commitment to diversity, equity and inclusion. We’re determined to play our part in advancing a workplace where progress is made by harnessing our differences – whatever defines you, we ask you to bring your whole self to work.

What truly defines a career at Allen & Overy? We recruit the best and ask for the best of you. We provide challenge, support and a place for you to belong. And together we excel, working on meaningful projects of global significance.


With over 5,600 people in over 40 offices, Allen & Overy is a business doing work of global significance.

Our success is built on the work of talented and motivated people who thrive in a supportive and collaborative environment, dedicated to delivering an exceptional standard of work for our clients. We’re ambitious and forward-thinking, committed to growing our business and meeting the future head-on. We’re not afraid of change, and we believe in challenging the status quo.

What we do goes beyond delivering an outstanding service. We lead the market by creating new solutions for our clients’ most complex legal and business challenges, helping them grow, innovate and thrive. By thinking creatively and entrepreneurially, we challenge expectations, push boundaries and build for the future. We draw on a world-leading network of expertise and a unique platform, such as our Advanced Delivery services and our network of Peerpoint consultants, to set the highest standards for our industry.

Global coverage in today’s market does not simply mean having offices in important cities around the world. For us, it means combining our global resources and sector expertise to work on matters that cross international boundaries with our culturally and geographically diverse teams. For you, it means that wherever you work, you’ll find a culture of inclusion and support – feeling confident to bring your whole self to work every single day. We have developed a culture in which difference is positively valued, and our people are free to be themselves.  At A&O, you're not only valued for what you do, but for who you are. 

We are in every sense one global team; supportive and collaborative, but also ambitious and driven.  Our capacity to combine these qualities and provide a setting in which our people can thrive is what makes us different.

Find Us
+44 (0) 20 3088 0000
One Bishops Square
E1 6AD
United Kingdom