The Opportunity
Role / Primary Responsibilities:
An exciting opportunity within the General Counsel & Risk team as part of our global Information Security team.
The individual will work closely with the UK, Australia and US-based teams in the following primary areas of responsibility, focusing on the UK and EMEA offices:
Providing assurance to external stakeholders, including:
Client information requests (security questionnaires, contract terms etc.)
External certification audits
Client site audits
Supporting the maintenance of the Firms ISO 27001 certification, in particular:
Preparing new and existing business units for certification/audit.
Collating metrics in support of governance and continual improvement.
Risk assessing new ways of working, alongside the Risk and IT teams.
Assessing compliance with client-specific security requirements within the legal teams.
Managing the ISMS tools, documentation and trackers.
Supporting internal security audit activities.
Operational Security Oversight
Investigate and manage DLP alerts and user behaviour anomalies, escalating as needed.
Support incident response for phishing, impersonation scams, and other security events.
Assist with API integration projects to enhance security workflows (e.g., ServiceNow integrations).
Security Awareness & Education
Deliver and monitor phishing simulation campaigns, producing reports and insights.
Contribute to security communications and awareness programs across the firm.
Strategic Initiatives
Participate in onboarding new security technologies such as Data Security Posture Management (DSPM).
Engage with AI Risk and Governance discussions to support emerging technology adoption.
Stakeholder Collaboration
Build strong relationships with IT, Risk, HR, and legal teams to embed security into business processes
Provide practical security advice to internal stakeholders.
Please note this role is concerned with governance, risk and compliance elements of general information security; it is not a technical IT/Cyber Security role albeit a strong appreciation of IT and IT/Cyber Security concepts is required for this role to be successful.
Qualifications / Skills / Experience
Degree educated (technical degree or similar).
We would expect the successful candidate to have around three years' experience in information security but may consider those with less experience providing they can demonstrate they meet the required competencies.
Strong knowledge of ISO 27001 implementation and certification.
Power BI analytics and reporting.
One or more of the following desired – MSc in security or similar; CISSP; CISA/CISM; ISO 27001 Lead Auditor.
Professional Services experience preferable.
Adaptable, diligent and works with initiative.
Strong relationship builder – internal and external.
Familiarity with security tools and systems would be advantageous (e.g., Email DLP, UEBA, phishing simulation).
Experience working as part of a global team.
Team
General Counsel and RiskWorking Pattern
Location
LondonContract type
Permanent ContractDiversity & Inclusion
We are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our Values—Human, Bold, and Outstanding.