Practice Area/Department: Technology / IT / Information Security
PQE Level: N/A
Description
Travers Smith is a leading full-service law firm, with a wealth of experience in its areas of specialisation. The firm has a market-leading reputation for its international expertise in Asset Management, M&A and Dispute Resolution & Investigations. Clients include asset managers across the alternative asset classes (private equity, venture, credit, infrastructure and real estate), publicly listed and private companies, financial institutions, and other business enterprises involved in large and complex UK and cross-border matters, transactions and disputes. Our purpose is to provide the highest quality of service to our clients whilst enabling our people to achieve professional fulfilment in a supportive, inclusive and enjoyable working environment.
Department
The Technology group is responsible for the delivery of all Technology services within the firm. The group is a business services function that supports and contributes to the objective of the legal practice. The Technology department consists of service delivery, business systems, training, technical operations, security operations, legal products, engineering, eDiscovery and information security. The Technology department supports the business with strategic technology delivery. The department is committed to providing a high quality of service to its clients and the clients of the firm. This is a high-profile opportunity to shape the information security agenda and play a key role in safeguarding the firm's reputation and competitive advantage.
The Role
Reporting to the Senior Information Security Officer, the Information Security Manager holds a pivotal position with firm-wide influence and regular engagement with senior leadership. You will shape and deliver the firm's governance, risk, and compliance (GRC) strategy, safeguarding information confidentiality, integrity, and availability across all business operations. As a leader, you will drive risk management, audits, client assurance, policy governance, and incident response and resilience programs. As a visible ambassador for information security, you will advise and influence senior decision-makers, directly shaping the firm's security posture and reputation in the market. This role operates with delegated authority in risk treatment, policy implementation, and operational controls, and acts as a trusted advisor to both internal and external stakeholders. You will ensure ongoing compliance with ISO 27001 and regulatory requirements while championing innovative technologies and process improvements. This opportunity offers professional growth, sector engagement, and the ability to make a lasting impact on the evolution of the firm's information security function.
Key Responsibilities
1. Oversee all aspects of managing the firm's Information Security Management System (ISMS), including policy management, compliance monitoring, risk management, audit, and continuous improvement to ensure sustained compliance with ISO 27001 and evolving regulatory, business, and client requirements
2. Act as an advisor to the firm's senior management, partners, and key committees on information security risk, compliance, and strategic initiatives, ensuring information security is embedded in business decision-making at the highest levels
3. Exercise delegated authority to determine and implement appropriate risk responses, approve security policies, and make decisions to support compliance and business objectives
4. Own the risk register, conduct regular risk reviews with risk owners and deliver actionable insights to senior management
5. Oversee and continually assess information security risks associated with third-party vendors and suppliers
6. Lead cross-functional collaboration with Technology, Risk & Compliance, Procurement, and other business service and legal teams to deliver integrated information security governance and assurance
7. Lead on the delivery and quality of client security audits and pitch responses
8. Monitor regulatory and client expectation changes, advising on compliance and strategic roadmap
9. Prepare and present executive-level reports for the ISMS Committee, directors, or partners, ensuring timely escalation of risks and influencing decision-making
10. Coordinate and deliver user awareness programmes with evidence-based metrics and improvement proposals
11. Oversee and support data subject access requests and process improvements
12. Support incident investigations, facilitate lessons learned, and recommend changes in process or strategy
13. Support incident response and business continuity through tabletop exercises and plans or playbook maintenance
14. Identify, evaluate, and implement opportunities for innovation, automation, and process optimisation to enhance efficiency and effectiveness, and champion the adoption of cutting-edge technologies to strengthen the firm's information security capabilities
15. Play a key role in AI risk management and governance, ensuring robust controls are implemented to support responsible AI adoption, while striking a pragmatic balance between security and minimising friction for innovation and business value creation
16. Demonstrate a commitment to excellence and deliver consistently high performance, ensuring that the information security function sets the benchmark for best practice within the firm
17. Provide leadership and day-to-day management for information security team members, including mentoring and performance development
18. Monitor the external environment for emerging threats, regulatory changes, and security trends, maintaining up-to-date GRC knowledge through threat intelligence, industry forums, and engagement with external partners and vendors
19. Represent the firm at external forums, sector working groups, and with clients during assurance or industry events to maintain awareness and enhance the firm's reputation
Key Stakeholders
20. Chief Technology Officer
21. Director of Technology
22. Technology Senior Management
23. Chief Risk & Compliance Officer
24. Data Privacy Counsel
25. Head of Procurement
26. ISMS Committee
27. Business Development & Communications and PR
28. External auditors and client representatives
Personal Specification - Experience, Skills & Attributes
Required experience
29. A minimum of 3+ years' experience working in an Information Security Management role in a law firm or other regulated professional services environment
30. Strong track record of leading and managing an ISMS including risk management, audit and continuous improvement
31. Proven experience applying risk management frameworks and leading risk-based assessments, including delivering executive reports with recommended actions and risk treatments
32. Proven experience in policy governance, delivering awareness programmes and cyber incident response practices
33. Proven experience responding to client audits, supporting pitch documentation, and engaging with cyber insurers
34. Proven experience building and maintaining strong cross-functional partnerships with operational teams to uphold and enhance the information security team's reputation and influence within the firm
35. Experience with data subject access requests
36. Experience managing, mentoring, and developing information security teams within a professional services setting
37. Recognised professional qualifications in information security (e.g. CISM, CISSP, ISO 27001 Lead Implementer/Auditor)
Beneficial
38. Experience embedding security throughout the SDLC, collaborating with technical and development teams to integrate SecDevOps principles for risk and compliance management
39. Experience managing, mentoring, and developing information security teams within a professional services setting
40. Experience managing budgets and resource allocation
Personal Attributes
41. Promoting a positive security culture
42. Excellent communicator with the ability to influence, advocate for information security best practices, and build strong relationships with stakeholders at all levels, including senior leadership, both internally and externally
43. Skilled at translating complex technical concepts into clear, accessible language for non-technical audiences
44. Engaging and approachable, fostering trust and building rapport easily with stakeholders and team members at all levels
45. Demonstrates a collaborative, team-oriented approach, readily supporting colleagues and sharing knowledge to achieve common goals
46. Demonstrates adaptability, flexibility, and a positive, solutions-focused mindset
47. Approaches challenges with a strategic understanding of the wider business context
48. Remains calm and effective under pressure, with a proactive approach to improvement and automation
49. Highly organised, with a rigorous and methodical approach to planning and prioritising work in a fast-paced environment
50. Acts with integrity, accountability, and reliability, upholding the highest standards of confidentiality and professionalism
51. Committed to continuous professional development and eager to engage with industry networks and contribute to the firm's thought leadership in information security
We are excited to have moved from our London headquarters in Snow Hill to a brand-new building in the City: Stonecutter Court.
Diversity & Inclusion statement: We value and celebrate the unique backgrounds, perspectives, and experiences of every individual including differences in gender, ethnicity, disability, faith, and more. We're committed to building an inclusive workplace that reflects the diversity of our clients and communities, where everyone feels empowered, respected, and heard. We actively partner with organisations and networks that champion equality and fairness, ensuring our policies and practices uphold these values.
Accessibility statement: If individuals have any accessibility issues when reviewing this document, please notify a member of the Travers Smith HR team so that the document can be provided in your preferred format, such as large print, audio, or braille.
Support and Adjustments for candidates: We are committed to ensuring that people who are disabled or have a long-term condition are empowered in their identity, valued equally, and listened to. If we can adjust the recruitment process to make it more accessible, please let us know. For further information please visit our website: Recruitment - Support and adjustments for candidates | Travers Smith