This job has expired

Global Information Security GRC Senior Manager

A&O Shearman
London (Central), London (Greater)
Closing date
21 Nov 2023

Vacancy Type
Contract Type
Experience Level
Senior Manager, Manager
Role Classification
Other Professional

Job Details

Job description

We are currently recruiting for a Global Information Security Governance, Risk & Compliance (GRC) Senior Manager to join our London office to lead on all InfoSec risk and assurance related matters for the InfoSec, IT, and Client Audit teams.

Role purpose

  • Client InfoSec requirement compliance – In partnership with the Client Audit Team, manage the process by which our clients audit A&O's information security controls. Review changes in client requirements in order to verify A&O's capability to comply, or recommend investment cases to meet control gaps. Prepare for and attend client audit meetings / visits. Liaise directly with senior client and internal stakeholders when negotiating control changes. Manage the workload of a team of international InfoSec assurance analysts in order to maintain the flow of client audit and remediation requests. Be the operational champion for process efficiency work and self-service projects in this space.
  • InfoSec framework maintenance and governance – Own the maintenance of the ISO27000 series and SOC2 frameworks for the firm. Conduct the annual policy review & sign-off, and manage the process of external audit (at least 3 a year across multiple locations) of the frameworks. Prepare for and manage the ISO27001 and SOC2 governance meetings across the firm, bringing together senior stakeholders to review and to challenge progress.
  • Technology risk process and the IT elements of annual financial audit – Lead the quarterly cycle of review and confirmation of the contents of the IT Risk Register with senior management in global technology. Manage the IT controls component of the annual external financial audit.
  • Client-facing incident response – In the event of an incident which requires client interaction, work alongside the CISO to co-ordinate and front client-facing InfoSec conversations.
  • Global Security Champions community and InfoSec awareness materials – Lead regional security champions' knowledge sharing, training, and certification programmes. Make updates to the firm’s annual InfoSec compliance training and global InfoSec awareness training as and when required.
  • Behavioural security testing – Lead initiatives which test behavioural compliance with InfoSec standards, including the global phishing testing, training and reporting capability within the firm.

Key relationships

  • Supports the CISO in working with the business to develop and maintain security posture, policies and procedures.
  • Works with Client Relationship Partners & the Client Audit Team to ensure client compliance expectations are met regarding Information Security at A&O.
  • Works with the physical security and in-house legal teams to ensure a consistent and coherent approach to information security and security in general.
  • Manages the global team of Information Security Assurance Analysts in the firm (the role has management responsibility for resources in EMEA (London & Belfast) and APAC (Singapore)).

Role and responsibilities
Business / IT Strategy

  • Support the CISO in clearly understanding risk across the global practice groups and support functions.
  • Support the CISO and Senior Architect Security Assurance in selecting and defining the detailed controls which protect the firm.
  • Support the CISO in developing and maintaining successful internal and external business relationships (at senior level) in order to understand existing and emerging security supplier capability and the cyber threat landscape, including the geopolitical cyber threat landscape.

Supplier Management

  • Maintain a broad understanding of how the organisation sources, deploys and manages external partners from a security capability perspective.
  • Support the CISO in ensuring that supplier performance is properly monitored and regularly reviewed as defined by the Supplier Management Framework.
  • Support the CISO in providing advice on policy and procedures covering the selection of suppliers, tendering and procurement.
  • Works closely with the Procurement team to ensure all areas of commercial negotiation are documented and adhere to the Supplier Management processes.

Risk Management

  • Operate the IT Risk Management framework for IT.
  • Coordinate and monitor the development of risk treatment plans.
  • Maintain the effectiveness of IT Risk management by reviewing and revising the IT Risk operating model when required.

Quality, Methods & Tools

  • Facilitate improvements to processes using industry best practices, typically using recognised frameworks such as ISO27001 and SOC2.
  • Support the CISO with the design and delivery of communication and training activities to update and refresh colleagues’ knowledge on quality standards.
  • Take responsibility for the control, update and distribution of quality standards and advise on their use concerning InfoSec compliance.

Key requirements
Business Competencies

  • Ability to develop good working relationships across the firm and effectively share knowledge between individuals and teams to contribute to the overall effectiveness of project and service improvement work.
  • Commercial acumen including an understanding of the overall picture of how technology adds value to the business.
  • High level of personal credibility, impact and influence at all levels of the organisation.
  • Excellent communication and presentation skills, both oral and written.
  • Ability to manage ambiguity and often conflicting priorities.
  • Highly self-motivated, self-starter, who will undertake all activities to the highest professional standards.
  • Experience of working in a global environment with an appreciation of multiple cultures.


  • Sound practical knowledge of Cyber Security, particularly with regard to Cloud security, IT data network security and general IT infrastructure and software security.
  • Expected to have a solid understanding of all major technologies used in Cyber Security including cloud technologies.
  • Knowledge of technology trends.
  • Knowledge and experience of working in ITIL environments.


  • Extensive experience of Information Security and Cyber security leadership particularly from a policy, assurance and governance perspective.
  • Track record of managing small teams across multiple locations globally.
  • Some technical as well as policy background preferred, with a wide range of experience across multiple technical areas.
  • Proven experience of balancing technical, commercial and other issues to deliver business advantage.
  • Experience in contract specification and schedule production.
  • Experience of security and IT risk management.


Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of Allen & Overy’s recruitment team who will work with you to provide any reasonable adjustments as required. We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.

Additional information - External

Allen & Overy is a leading global law firm operating in over thirty countries. We work on some of the most challenging and important deals and have built a reputation for delivering exceptional legal solutions that help our clients grow, innovate and thrive. The legal industry is changing, and we're committed to leading that change, putting our people first, embracing new ways of thinking and integrating technology into our everyday work. Our business teams work hand-in-hand with our lawyers, Consultants and other specialist teams, and are ambitious, driven and leaders in their field.

With us, you will constantly be learning and growing. We invest in you by offering exceptional professional and personal development – providing training, mentoring and practical support. We offer rewarding careers that are built around your strengths and designed to ensure you can achieve your personal and professional goals, recognising that those may look different for everyone.

We have a powerful commitment to diversity, equity and inclusion. We’re determined to play our part in advancing a workplace where progress is made by harnessing our differences – whatever defines you, we ask you to bring your whole self to work.

What truly defines a career at Allen & Overy? We recruit the best and ask for the best of you. We provide challenge, support and a place for you to belong. And together we excel, working on meaningful projects of global significance.


A&O Shearman is a global industry-leading law firm with 48 offices in 29 countries. We are a partner and trusted advisor to some of the world’s most sophisticated companies, governments and financial institutions. With the combined strengths of our legacy firms, Allen & Overy and Shearman & Sterling, we offer unmatched global breadth and depth, a forward-thinking perspective on the future and a one-firm culture of excellence to achieve unparalleled outcomes for our clients and for each other.

We're at the start of an exciting journey, and this offers exceptional opportunities for our people. Whether you're helping clients solve their most complex challenges, transforming the ways we manage our business, or ensuring the smooth running of our operations, this is an environment where you can belong and excel - whether you’re starting out, or taking the next step in your career.

We work to attract and retain the very best people – and we support them to build their future with us. As part of our high-performance culture, we have high expectations of one another in everything we do. We foster a working environment based on collaboration and mutual respect, where everyone is trusted to do their very best work in the way they see fit, to a standard we all share.

With us, you will constantly be learning and growing. We invest in you by offering exceptional professional and personal development – providing training, mentoring and practical support. And we nurture an environment and ways of working that promote positive wellbeing.

We have a powerful commitment to diversity, equity and inclusion. Your unique perspective, attributes and experiences are valued here and we invite you to bring your whole self to work.

What truly defines a career with us? We recruit the best, we ask for the best of you, and we support you to achieve your potential. And together we excel.

Company info
+44 (0) 20 3088 0000
One Bishops Square
E1 6AD
United Kingdom
