Information Security Manager

Closing date: 03/11/2019
Term: Permanent
Working hours: Full-time (Monday to Friday 9.30am-5.30pm)
Reports to: IT Director
Team: IT
Location: London

The Firm

Farrer & Co is renowned for its discretion, commitment, technical flair and pragmatic approach to providing solutions for our clients' complex affairs.

Our collaborative approach and "one firm" policy promote a strong bond both between the different departments of the firm and between partners and staff, each and every person having played a part in putting Farrer & Co in the strong position it is in today.

Our reputation and success are based on the goodwill of numerous close client relationships. We are trusted advisers, acting in our clients' long-term interests and paying careful attention to quality and personal service.

Our clients tell us they value us for our integrity, good judgement and professional excellence, as well as our broad perspective, practical solutions and value for money. They describe us as 'a likeable bunch' too.

The Team

As a progressive technology team, Farrers IT have delivered a number of industry firsts. We lead on cloud-based systems and mobility, delivering projects and managing systems which allow our staff to work regardless of their location. Technology is key to our business, so proactive and forward-thinking IT staff are essential elements in our success.

Scope

The Information Security Manager role is to design, manage, maintain and continually improve the firm's information security systems, policy and process. This role encompasses the strategic aspects of information security whilst retaining close involvement with the technical/operational activities. The role will involve direct engagement with business, clients and suppliers as well as line managing the Information Security Analyst. The role holder will take the lead in any information security incident response as well as advising on security aspects of all existing and incoming systems.

The IT Department's mission is to meet and exceed customer expectations and deliver outstanding service. We contribute to the success of the firm through the provision of timely and consistently high-quality service at every point of customer contact.

Responsibilities

  • Serve as the primary point of contact for the Information Security function;

  • Take ownership of incoming client security questionnaires and audits;

  • Project lead on Information & IT security related programmes such as Cyber Essentials+ and ISO27001;

  • Work closely with the Risk and Compliance team to ensure adequate security is applied to client data, retention policies are adhered to, and audit reports or subject access requests are dealt with effectively;

  • Continual improvement of the firm's information security posture through constant awareness of issues and threats, applying the appropriate controls in a timely and effective manner whilst maintaining productivity;

  • Develop and maintain the Information Security policy suite including communication with relevant stakeholders;

  • Implement and oversee technological upgrades, improvements and major changes to the information security environment;

  • Communicate information security goals and objectives effectively with other individuals and teams across the firm;

  • Collaborate with relevant IT Department colleagues and third parties to maintain and manage security, including pathways into and out of our network;

  • Organise and manage regular technical and physical penetration testing exercises, reviewing the results and facilitating associated change;

  • Work with internal project teams to ensure security is always considered and tested before implementation;

  • Work closely with the IT Director on the regular Information Security training programme for the firm;

  • Champion data security best practices, raising awareness throughout the firm by offering guidance and education where necessary;

  • Line manage and provide ongoing development of the Information Security Analyst.

Skills and Experience

  • Formal security-related qualification, such as CISSP, CISM or CRISC and/or degree equivalent;

  • Gravitas to lead the Information Security function and engage with senior stakeholders;

  • Excellent people management and interpersonal skills;

  • Excellent written and verbal communication skills;

  • Excellent customer service skills and MSSP/Vendor Management;

  • Self-motivated, able to seize initiative and take responsibility;

  • Proven track record in managing, developing and maintaining IT Security policies, processes and procedures;

  • Regularly keeping up to date with security best practices, updates, news and events.

Important:

Experience in at least 3 of the following is also required:

  • Fundamental knowledge of Windows AD, GPO, O/S and general networking;

  • Cloud Security (MS O365 and Azure);

  • Email Security (Mimecast/Tessian/OnDMARC);

  • Check Point firewall management;

  • Vulnerability Management (Tenable Security Centre);

  • Privilege Access Management (Thycotic);

  • Security Best Practice and Standards (ISO27001, Cyber Essentials Plus);

  • Identity and Access Management (OneLogin/Okta);

  • Endpoint Protection (McAfee/MS Defender).

Special aspects

Our office hours are 09.30 to 17.30 but it is essential that the applicant is committed, flexible and prepared to work beyond the normal office hours when necessary and in response to demand.