Careers

Information Security & Business Continuity Manager

Role profile: Role Profile Level 4
PQE: Not applicable
Term: Permanent
Working hours: Full-time (Monday - Friday, 9am - 5.30pm)
Division: Business Services
Team: Compliance
Location: Liverpool

The Firm

Weightmans is a Top 45 law firm with offices throughout the UK. Having been recognised as the leading legal employer at the annual Britain's Top Employers awards and achieved several top rankings in Chambers UK 2016, we are immensely proud of the work we carry out for our clients and the culture we provide to our people.

The Department

Our Risk & Compliance team supports Weightmans’ risk and compliance issues, including: auditing; business continuity; compliance; data control; and money laundering.

The role

To be responsible for the management and maintenance of our Information Security ISO certificate and Business Continuity frameworks, creating, implementing and maintaining the necessary policies and procedures required to protect Weightmans’ clients, employees and other stakeholders from the loss, misuse, corruption or unacceptable disclosure of information and/or serious business continuity incidents.

Key responsibilities

  • Responsible for the Information Security and Business Continuity (IS&BC) data and information frameworks, creating the necessary policies, procedures and controls.

  • Responsible for short and long term IS&BC planning, ensuring they are effectively implemented to the required standards

  • Retain and develop the firm's ISO certification status

  • Responsible for managing all non-conformances from ISO audits

  • Schedule & Chair the Information Security Management & Business Continuity Steering Group

  • Manage, log and report on IS&BC breaches/incidents, developing and implementing solutions to minimise future repeats

  • Scope, schedule and audit our current IS&BC processes, identifying potential risks, reporting on exposures and making recommendations for improvement

  • Responsible for conducting audits of the Information Security and Business Continuity provisions of Weightmans’ suppliers

  • Manage the Business Continuity process if it were to be invoked

  • Manage testing of the Business Continuity Plan

  • Liaise with key stakeholders to gain an understanding of their IS&BC requirements

  • Perform regular IS&BC risk assessments and apply associated treatments

  • Create and deliver IS&BC guidelines, materials and training events to engender a best practice approach

  • Act as the ‘go-to’ person for IS&BC queries

  • Represent IS&BC at relevant meetings and committees

  • Represent the firm as the IS&BC subject matter expert (SME) at client functions

  • Advise on, and provide management information on, IS&BC for use in tenders, client relationship management initiatives, audits etc.

  • Keep abreast of changes in IS&BC regulations and best practice, actively maintaining your specialist knowledge

  • Ensure the Firm is operating in line with relevant industry regulations (i.e. ISO standards)

  • Ensure the firm retains its current and future IS&BC ISO certificates

  • Manage contractors and suppliers involved in our IS&BC processes

  • Responsible for cost centre budgeting and spend for IS&BC

  • Manage and chair the IS and BC Management Group and provide periodic management reports for the Operations Director and Board

  • Work towards and implement the ISO/IEC 22301:2012 Business Continuity standard to successful certification.

  • Comply with relevant policies and procedures

  • Work in accordance with Weightmans’ values

This list is not intended to be exhaustive and you will be expected to perform other duties and have other responsibilities that fall within the wider remit of the role.

The person specification

  • Proven background in Information Security and Business Continuity management

  • Thorough and demonstrable knowledge of Information Security & Business Continuity threats, processes, protection methods, etc.

  • Experienced in leading on ISO27001-6 and ISO22301 frameworks/standards

  • Desire to succeed

  • Excellent communication and networking skills

  • Logical and methodical approach to problem solving

  • Ability to work well under pressure and to timescales

  • Ability to manage own workload and prioritise workload effectively

  • Demonstrable experience in Microsoft Office packages and in using IT generally

  • Ability to explain technical issues to a wide audience

  • Proven experience of Risk and Incident Management

  • CISM Qualification essential

  • Knowledge of current statutory and regulatory requirements relating to information security and business continuity essential

  • CISSP/CISA Qualifications preferred

  • PRINCE2 or other relevant Project Management qualification preferred

  • Experience of working in a professional services firm, preferably a law firm

Other Information

Please note:

  • Any reference to experience or PQE in our adverts or job descriptions is to be used as a guideline only. We welcome applicants from all backgrounds and with different levels of experience who can demonstrate that they fulfil the requirements of the role.

  • The successful candidate appointed to this role will be subject to our standard background checking process, and any offer of employment made is conditional upon successful completion of those checks. Further details can be obtained from the Recruitment team.