IT Security Architect

Farrer & Co is an independent law firm, with a rich history. A centuries-long tradition of advising private families, individuals and charitable institutions is today complemented by our work with businesses and entrepreneurs, from asset managers and sports bodies to international media groups.

We look to be the market leader in our chosen areas of expertise, advising clients on the contentious and non-contentious legal, business and personal issues they face.

Our reputation and success is based on the goodwill of numerous close client relationships. We are trusted advisers, acting in our clients' long-term interests and paying careful attention to quality and personal service.

Our clients tell us they value us for our integrity, good judgement and professional excellence, as well as our broad perspective, practical solutions and value for money. They describe us as 'a likeable bunch' too.

As a progressive technology team, Farrers IT have delivered a number of industry firsts. We lead on cloud based systems and mobility, delivering projects and managing systems which allow our staff to work regardless of their location. Technology is key to our business, so proactive and forward thinking IT staff are essential elements in our success.

The IT Security Architect's role is to design, manage, maintain and continually improve the firm's IT security systems, policy and process. This position is a technically focused role, but may also involve direct engagement with business, clients and suppliers. You will take the lead in any IT security incident response and advise on security aspects of all existing and incoming IT systems.

The IT Department's mission is to meet and exceed customer expectations and deliver outstanding service. We contribute to the success of the firm through the provision of timely and consistently high quality service at every point of customer contact.

• Continual improvement of the firm's IT Security posture through constant awareness of issues and threats, applying the appropriate controls in a timely and effective manner whilst maintaining productivity;

• Owner of the IT Security Incident Response policy and process including communication with relevant stakeholders;

• Champion data security best practices, raising awareness throughout the firm by offering guidance and education where necessary;

• Collaborate with relevant IT Department colleagues and third parties to maintain and manage border security, including pathways into and out of our network;

• Testing, application or recommendation of security patches and updates to IT systems;

• Implement server hardening techniques to reduce exposure;

• Manage regular penetration testing exercises, reviewing the results and facilitating associated change;

• Define, develop and report on adherence to policy and process;

• Review and redefine access control levels across the network, devices, services and applications to ensure appropriate privileges commensurate with role;

• Manage and refine end point security and data loss prevention methods;

• Where necessary, work alongside the Risk and Compliance team to ensure adequate security is applied to client data, retention policies are adhered to, and audit reports or subject access requests are dealt with effectively;

• Work with internal project teams to ensure security is 'baked in' to any IT system implemented;

• Proactively monitor, analyse and report on data and system activity, identifying baselines and any subsequent deviations;

• Be the technical lead on IT security related programmes such as Cyber Essentials+, ISO27001 and GDPR.

Essential:

• Fundamental knowledge of Windows Operating Systems and general networking;

• Experience of Check Point firewall management;

• Management of network, intrusion detection and prevention systems;

• Excellent written and verbal communication skills;

• Excellent customer service skills;

• Self-motivated and able to take responsibility;

• Proven track record in managing, developing and maintaining IT Security systems.

Desirable:

Experience in one or more of the following would also be advantageous:

• Cloud based services:

  • Microsoft Azure

  • Cisco ScanCenter

  • Cloud based authentication (Okta/OneLogin)

  • Office 365/Exchange Online

• Formal security-related qualification, such as CEH;

• McAfee Total Protection Suite; specifically ePolicy Orchestrater (ePO), server and desktop anti-virus, DLP;

• MobileIron mobile device management;

• Experience of VoIP, in particular SIP (utilising QoS).

Minimum of Grade A-C in GCSE Maths and English.

• Our office hours are 09.30 to 17.30 but it is essential that the applicant is committed, flexible and prepared to work beyond the normal office hours when necessary and in response to demand;

• Overtime at weekends will be required from time-to-time in order to support project work;

• As this is a new role, we expect the successful applicant to bring the experience, commitment and passion to further define the job description and embed the principles of good IT Security in the culture of the firm.