Information Security Officer
Location: London
Work Arrangement: Hybrid (1 day on-site)
Rate: £400 - £420 per day (Inside IR35, via Umbrella company)
Duration: 6 months initially
Start Date: Immediate
Our client, a leading London-based law firm, is seeking an experienced Information Security Officer to join their team on an initial 6-month contract. This role will be pivotal in safeguarding the firm’s systems and data by assessing the risks associated with third-party vendors and internal projects, identifying vulnerabilities, and recommending appropriate mitigation strategies.
You’ll work closely with cross-functional teams — including IT, Risk & Compliance, Procurement, and Project Management — to ensure adherence to security frameworks and continuous improvement of the firm’s information security governance.
Role Responsibilities:
Security Risk Assessment
* Evaluate security risks associated with internal projects and third-party vendors, considering factors such as security, privacy, and compliance.
* Conduct and document vendor risk assessments in line with the firm’s ISMS and governance frameworks.
* Identify vulnerabilities, assess potential threats, and recommend proportionate mitigation or acceptance strategies.
Information Security Governance
* Ensure compliance with internal security policies, standards, and procedures for projects and associated vendor assessments.
* Develop, maintain, and apply robust methodologies for project and vendor security assessments.
* Contribute to incident response and post-incident review activities, ensuring lessons learned are captured and acted upon.
Supplier Security & Assurance
* Work with procurement teams to evaluate and manage security risks associated with vendors.
* Review and assess vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture.
Risk Management & Compliance
* Apply structured risk management principles to identify, prioritise, and manage information security risks.
* Collaborate with senior stakeholders, project managers and technical teams, to identify and assess security risks and embed security controls into business change initiatives
* Support internal, client, and certification audits (e.g., ISO 27001, Cyber Essentials Plus).
* Deliver security awareness and training sessions as required to promote best practice across the firm.
Essential Skills / Experience:
* Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
* Professional certification preferred — e.g., CISSP, CISM, CISA, or CRISC.
* Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST, CE+).
* Experience in supporting projects from inception through to completion.
* Strong stakeholder engagement skills, able to influence across multiple business functions.
* Experience in co-ordinating and participating in Security audits.
* Working knowledge of data protection and privacy regulations (GDPR, CCPA) advantageous
* Excellent written and verbal communication skills.
If you are passionate about this opportunity and meet the qualifications and skills outlined, we encourage you to promptly submit your CV for consideration. Please note that the duties mentioned above are not exhaustive, and the role's responsibilities may evolve in response to changing circumstances and requirements.
Sure Commercial Limited (trading as Sure Exec Search) is a proud Equal Opportunities employer and does not discriminate against any candidate on the grounds of age, disability, sex, gender identity, sexual orientation, pregnancy and maternity, race, religion or belief, marriage and civil partnerships, or other applicable legally protected characteristics. Our Diversity, Equity, and Inclusion Policy is available on request.