We’re recruiting on behalf of a leading legal firm for an Information Security Manager to lead and strengthen their information security function. This is a hands-on, strategic role where you’ll manage a small team, oversee ISO 27001 and Cyber Essentials Plus compliance, and drive continuous improvement across the business. What You’ll Do: * Develop and deliver the firm’s information security strategy. * Lead and mentor a small team of IT security professionals. * Own ISO 27001 implementation and Cyber Essentials Plus certification. * Manage operational security: endpoint protection, M365 security, SIEM/SOC, vulnerability management, and incident response. * Lead security projects and embed “Secure by Design” principles across initiatives. * Build strong relationships with stakeholders and deliver security awareness training. What We’re Looking For: * Proven experience in information security management, ideally in professional services. * Hands-on experience with ISO 27001 and Cyber Essentials Plus. * Strong technical knowledge: endpoint security, M365/Entra ID, SIEM, network security, encryption, backup/recovery. * Certifications highly desirable: CISM, CISSP, ISO 27001 Lead Implementer. * Excellent communicator, strategic thinker, and supportive team leader. Why Apply: This is your chance to shape the security strategy for a forward-thinking legal firm, leading critical initiatives while making a real business impact