Head of Cyber Security and Infrastructure

We are seeking a Head of Cyber Security and Infrastructure to join our global Information Technology leadership team.

The IT department comprises approximately 60 staff across locations including London, Paris, Piraeus, Dubai, Hong Kong, Sao Paulo, Melbourne, Perth, Singapore, and Sydney.

Our vision in the IT team is to deliver a responsive and evolving technology platform, supported by a secure, global infrastructure with data and processes at its core.

This role, part of the global IT leadership team, oversees all aspects of Cybersecurity and the Firm’s IT infrastructure. It involves close collaboration with the Chief Technology Officer to ensure systems and data are secure, available, and performant, aligned with the IT Strategy.

The role requires operating at SFIA levels 6 and 7 within Information Security and Technology Service Management disciplines, including:

• Developing and implementing an enterprise information security strategy aligned with business goals.
• Ensuring compliance between business strategies and information security.
• Providing expertise, guidance, and systems for strategic and operational plans.
• Engaging with stakeholders to develop and manage services meeting security and quality standards.
• Planning and managing processes, tools, and techniques for monitoring technology service performance.

Building strong relationships with key stakeholders and leading a diverse, global team are crucial for success. Additionally, the role involves working with the CTO and IT leadership to develop technology strategy and manage the annual budget, supporting legal services delivery to clients and lawyers.

The Firm offers flexible working patterns reflecting its global nature.

• Lead, develop, and mentor the Cybersecurity and Infrastructure teams.
• Manage strategies and roadmaps for cybersecurity capabilities like email security, DLP, SASE, SIEM, etc.
• Oversee infrastructure strategies, including LANs, WANs, cloud services, etc.
• Manage budgets ensuring value and alignment with strategies.
• Maintain relationships with technology service providers and oversee service delivery.
• Lead the development and maintenance of the security controls framework and compliance.
• Manage security operations, threat monitoring, incident response, and testing.
• Define and steer cybersecurity programs, ensuring industry best practices and emerging threats are addressed.
• Ensure renewal of key certifications like Cyber Essentials+ and ISO27001.
• Participate in the Risk Committee.
• Collaborate on security policies, procedures, and standards across the IT estate.
• Lead incident management, response, and tabletop exercises.
• Oversee security awareness, training, and communication initiatives.
• Report on the effectiveness of security controls and compliance.
• Participate in security assessments, audits, and client questionnaires.
• Support professional development of security and infrastructure teams.
• Perform any other ad hoc duties as required.

• Minimum 5 years’ relevant experience in a law firm or regulated environment.
• Certifications such as CISM, CISSP.
• Experience with IT security systems, governance, incident management, and best practices.
• Deep knowledge of security and infrastructure principles and tools.
• Familiarity with standards like ISO 27001, NIST, GDPR.
• Strong analytical, problem-solving, and communication skills.
• Leadership experience supporting security professionals.

This job description is not contractual and may be amended. HFW promotes equality and diversity. All applications are considered on merit.

HFW processes personal data in accordance with its Privacy Notice, available on our website.

HFW is a global law firm with over 700 lawyers, supporting clients across various industries with a focus on legal expertise and commercial solutions.