Cyber Security Risk Manager

Location: United Kingdom
Office: Oxford, Norwich, London, Leeds, Manchester, Cambridge, Birmingham
Discipline: IT
Contact name: Ben Porter

Contact email: [email protected]
Contact phone: 07587481088
Vacancy reference: 022689
Closing date: 05 January 2024
Start date: 23 November 2023 - 23 November 2023

Any Location, full time, permanent

The role

Reporting to the firm’s Director of IT, with support from the Head of Technology, the role will lead on promoting a culture of cyber security and embedding best practices across the organisation.

As a source of strategic and trusted advice and guidance to colleagues across the firm, this role will also take overall responsibility for:

  • Maintaining and operating the firm’s Information Security Management System (“ISMS”), providing leadership to others and liaising with other managers
  • Maintaining the firm’s IS certification and compliance (currently ISO 27001 and Cyber Essentials Plus)
  • Developing and maintaining cyber security policies, procedures, processes and controls
  • Developing and managing the IT Team’s business continuity plan
  • Identifying and communicating emerging cyber security threats with the Head of Technology and the IT team
  • Developing and adhering to existing Cyber and Information security compliance frameworks, security policies and procedures, where necessary
  • Managing and delivering auditing and testing of existing security controls, including regular penetration tests
  • Engaging with the firm to improve cyber awareness and IT BCP knowledge amongst staff

The person

This is a busy and challenging role; to be successful in it, the post holder needs to be or have:

  • educated to degree level or has equivalent experience
  • a professional qualification in cyber or information security management, information legislation or other relevant area. Those working towards such a qualification would be considered
  • continued professional development, and willingness to keep up to date
  • strong written and verbal communication skills
  • IT literacy and accurate record keeping
  • experience of working and engaging with a variety of senior staff
  • strong experience across Cyber or Information Security
  • knowledge and understanding of how International Standards, such as ISO 27001, operate in accountable organisations
  • knowledge and understanding of risk management principles
  • an understanding of audit principles and procedures.

The post holder must always be able to demonstrate excellent communication and interpersonal skills, manage the cyber security forum and provide board-level reports.

Additional personal attributes will include:

  • strong attention to detail
  • a logical and systematic approach
  • being a good communicator (both written and verbal), who can explain more complicated matters in a simple and straightforward way
  • energy and enthusiasm
  • a pleasant and outgoing approach
  • being a team player
  • flexibility in approach

In addition, you will need to:

  • travel to the firm’s other offices
  • be flexible and able to work longer hours as the role demands

Key duties, responsibilities and accountabilities

  • Lead or commission appropriate cyber security awareness, training and educational activities
  • Input into the firm’s responses to clients’ supplier assurance questionnaires, audits and bid/tender responses as they relate to cyber security
  • Lead the IT team’s response to managing cyber security incidents, including leading investigations, identifying and monitoring corrective actions and lessons to be learnt
  • Working closely with the ISO 9001 Internal Audit Manager, construct and maintain the firm’s internal audit programme including reporting outcomes and ensuring identified corrective actions relating to information and cyber security are appropriately completed
  • Lead the operation and maintenance of an ISMS for all of Mills & Reeve’s offices (currently in Birmingham, Cambridge, Leeds, London, Manchester, Norwich and Oxford) and across all functions, including:
      • certification against and compliance with ISO 27001
      • assisting the CISO and Information Security Forum (“ISF”) to prepare and review information and cyber security objectives
      • leading any staff with responsibilities within the ISMS
      • working with relevant colleagues to ensure routine security activities, emerging security risks and control technologies are well understood and appropriately established
      • leading or commissioning the preparation, implementation and maintenance of policies, procedures, guidelines, and other documents required by ISO 27001, in conjunction with the CISO/COLP and ISF
      • ensuring NSL Leaders and Business Support Heads enforce compliance with the firm’s information security policies and procedures and promote best practice
      • reporting to the ISF at agreed intervals on the effectiveness of policies and their implementation within the firm, and reporting all information and cyber security breaches and major risks to the CISO/COLP and ISF
      • preparing the ISO 27001 Annual Management Review Report
  • Lead on security risk assessments and maintaining the Risk Assessment Register
  • Prepare for external audits and respond to issues and recommendations arising from audits
  • Developing and managing the IT team’s business continuity plans, with support from IT Management. Preparing and testing plans across the team and communicating the results to the firm
  • Undertake any other duties which may reasonably be required, commensurate with the role, bearing in mind the developing needs and demands of the firm

Pre-employment screening

Please note that, in the event that we make an offer for a role, we will conduct pre-employment screening that includes, but is not limited to, a basic DBS check, right to work check, any disciplinary history recorded with the Solicitors Regulation Authority (SRA) and a self-declaration to assess your character and suitability for the role. A full policy of the screening the firm undertakes is available on request.

The Mills & Reeve Business Services career structure

We have a firm-wide business services career structure and published career progression frameworks for each of the business services teams. Within the firm-wide career structure there are five career levels. For the purposes of the framework, this role is at a Senior Manager level and the role profile that details the outcomes and activities expected of Senior Managers across the firm is included with this job description. Further information on the firm's business services career structure is available from the HR team.

The package

As you would expect, the firm offers a generous salary and benefits. The firm’s standard benefits are detailed in the following link:

The firm

What really sets Mills & Reeve apart from other law firms is the way we work with our clients. We understand that clients, in the 21st century, no longer want a traditional law firm – they want one that embraces forward-thinking approaches to service, billing, commercial know-how, innovation, people management and community engagement.

And finally…

Mills & Reeve is committed to providing an inclusive and supportive working environment. We are happy to consider flexible working arrangements and endeavour to achieve the right balance for both our people and the business. This attitude to flexible working ensures we continue to provide outstanding service to our clients, whilst allowing our people to develop their careers in the knowledge that personal priorities will remain just that.

Mills & Reeve is committed to promoting equality and diversity and to providing an inclusive and supportive environment. Please click here to find further information regarding our diversity policy.

If you would like any more information about Mills & Reeve, you can visit our website by clicking on the following link: