The firm DMH Stallard is an award winning South East law, Legal 100 firm with offices in London, Brighton, Gatwick, Guilford, Horsham and Hassocks and uses a wide range of IT applications. DMH Stallard has grown rapidly since it was established in 1970, and has a headcount of approx 385. The role of Information Security Officer & Cyber Security Lead is a permanent role within its IT Group, leading on the firm’s Information Security and regulatory compliance assurance. The department Primary purpose and scope of the role As DMH Stallard’s Information Security Officer & Cyber Security Lead, you will play a pivotal role in shaping the firm's cyber resilience strategy. This role involves providing expert guidance to stakeholders on information security matters, managing technical cybersecurity tools and operations, and overseeing compliance with regulatory standards. You will lead the development and execution of the firm’s cyber and information security strategy, ensuring alignment with ISO 27001, GDPR and Cyber Essentials. The ideal candidate combines strong information security experience with hands-on technical knowledge of SIEM, EDR, vulnerability management, and incident response, and can translate technical risk into actionable business advice. Key Responsibilities: Serve as a subject matter expert for information security across the firm, advising stakeholders on risks, controls, and security best practices. Support business units with risk-based security input for projects, client bids, and technology initiatives. Partner with the Risk & Compliance team to develop and evolve policies, procedures, and working practices to improve the firm’s security posture. Liaise with Legal, HR, MBD, and client compliance teams to address security-related queries and client assurance requests. Manage cybersecurity tooling including SIEM, EDR, and mail filtering systems to ensure effective threat detection and response. Monitor, investigate, and respond to alerts and incidents, coordinating with internal teams and third-party providers. Oversee regular vulnerability scans and third-party penetration tests; track and report remediation efforts. Lead the Incident Response process and support forensic investigations as needed with support from third-parties. Maintain the internal compliance programme for information security and data protection, including ISO27001, GDPR and Cyber Essentials requirements. Conduct internal audits and produce actionable audit reports to drive continual improvement. Provide compliance assurance reporting to IT leadership and the Information Security Group. Support GDPR activities including subject access requests, data mapping, and third-party security reviews. Promote a security-first culture through staff training, phishing simulations, and collaboration with Learning & Development. Contribute to policy development, training content, and business continuity planning. Other information Skills & Experience- Essential Strong understanding of information security principles, risk management, and compliance (ISO 27001, GDPR, Cyber Essentials). Hands-on experience with cybersecurity tools. Ability to advise non-technical stakeholders on security risks and controls. Experience conducting or supporting internal security audits or assessments. Solid understanding of IT infrastructure (e.g. networking, Active Directory, endpoint security). Excellent communication and stakeholder engagement skills. Skills & Experience - Preferred Certifications such as CISSP, CISM, CISA, Security, or equivalent. Knowledge of legal or regulated environments (e.g. SRA Code of Conduct). Experience supporting business continuity or disaster recovery planning. Benefits: 25 days holiday (of which 3.5 are taken during the Christmas period), plus Birthday holiday, plus Bank Holidays. Life Assurance Private Healthcare Employee Assistance Programme Sodexo Discounts Pension Scheme Interest free season ticket loans Cycle to work scheme Discounts on Legal work