Group Head of Information Security

Ampa Group

Birmingham

Hybrid

GBP 70,000 - 100,000

Full time

21 days ago

Job summary

Ampa Group seeks a Group Security Officer (GSO) to lead its information security strategy. The GSO will manage risks, ensure compliance, and direct security operations while promoting best practices across the organization. This leadership role involves collaborating with various stakeholders to uphold solid defenses against cyber threats in a dynamic legal environment.

Qualifications

  • Experience managing Information Security teams.
  • Deep knowledge of security standards and tools.
  • Hands-on experience with security technologies.

Responsibilities

  • Develop and implement a comprehensive security strategy.
  • Conduct regular risk assessments.
  • Ensure compliance with GDPR, ISO27001, and other standards.

Skills

Leadership
Risk Management
Compliance Knowledge
Incident Response
Security Awareness

Education

CISSP certification
ISO27001 Lead Auditor certification
CISM certification
CISA certification
Membership in IISP

Job description

Description

The Opportunity

We are seeking a highly skilled and experienced Group Security Officer (GSO) to lead our information security strategy and operations. The GSO will be responsible for safeguarding our firm's digital assets, ensuring compliance with relevant laws and regulations, and mitigating risks associated with cyber threats. This role requires a strategic thinker with strong leadership capabilities and a deep understanding of the legal sector's unique security challenges. The Group Security Officer is a leadership role reporting directly to the CIO with close working relations to the Exec, the Board, Directors across the group, and the compliance officer for legal practice (COLP). The CIO team is responsible for Change (Business and Technology), Technology Operations, Applications, Information Security, Resilience, and Risk across all our group companies and brands.

What you will be doing:

The role holder will be responsible for identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risks to information assets, as well as key business risks, while supporting and advancing business objectives. You will also embed knowledge and best practices on risk avoidance and information security, working with the COLP and other relevant post holders to ensure the group is in line with statutory, regulatory, and industry compliance standards/guidelines as appropriate. The role will also be responsible for enhancing our governance to include emerging AI governance frameworks such as ISO42001, as well as improving our group approach to resilience.

Key Responsibilities:
  • Develop and implement a comprehensive security strategy aligned with the firm's business objectives and regulatory requirements.
  • Identify, assess, and mitigate information security risks through regular risk assessments and assurance processes.
  • Develop, implement, and maintain security policies, standards, and procedures to protect digital assets.
  • Ensure compliance with laws, regulations, and standards including GDPR, ISO27001, and CE+ accreditation.
  • Lead incident response efforts and develop incident response plans.
  • Review and evolve security governance structures, produce security reports, and implement security metrics.
  • Support assurance frameworks and facilitate risk management processes.
  • Design and implement security architecture in collaboration with the Security Architect, evaluating and recommending security technologies.
  • Oversee daily security operations, including monitoring and incident response.
  • Promote security awareness and deliver training programs for employees.
  • Work with the DPO to ensure GDPR compliance, develop data privacy policies, and conduct DPIAs.
  • Manage third-party security assessments, enforce security requirements in contracts, and monitor compliance across the supply chain.
  • Provide regular security updates to senior management and the board.

What you will need:

  • Leadership experience managing Information Security teams.
  • Deep knowledge of security standards, tools, and processes.
  • Understanding of GDPR, COBIT, ISO27001, PCI DSS, Cyber Essentials, and risk frameworks.
  • Hands-on experience with security technologies and products.
  • Knowledge of Business Continuity Management and crisis response.
  • Membership or qualification in IISP or equivalent, with certifications like CISSP, ISO27001 Lead Auditor, CISM, or CISA preferred.
  • Strong organizational skills, prioritization, and effective communication abilities.

Benefits, Agile Working, and Additional Information

We support flexible, hybrid working, combining home and hub-based work in London or the Midlands.
We value diversity and are committed to equal opportunities.
Please note, some applications may close early due to high volume. Employment is subject to background checks.

About Ampa Group
Ampa is a leading group of legal and professional services brands dedicated to fostering growth, collaboration, and shared success across our network of brands and disciplines. Join us to be part of a dynamic, inclusive environment that values your contribution.