9874BR
Head of Global InfoSec Transformation (EMEA & BISO)
Information technology
London - Bishops Square
Hybrid (combination of office & remote working)
Job description
We are currently recruiting for a Head of Global Information Security Transformation & EMEA Business Information Security Officer (BISO) to join the A&O Shearman London office.
Apply today via the link below or contact for more information.
What you will do
The Head of Global Information Security Transformation & EMEA Business Information Security Officer (BISO) plays a pivotal role in ensuring the effective and efficient operation of the Information Security (InfoSec) function which is located across the United Kingdom, United States and Singapore. Working closely with our new CISO Yolande Young, the global InfoSec team, the wider IT organization, and other key stakeholders, the incumbent supports all aspects of the InfoSec function to amplify its efficacy, including:
- Driving communications and engagement on cyber topics across the organization globally.
- Implementing and maintaining effective management of the portfolio of InfoSec programs, projects and initiatives.
- Embedding a performance culture through effective team and stakeholder engagement and regular reporting.
- Overseeing a range of internal processes related to the running of the function.
In their capacity as EMEA BISO, they act as a trusted liaison between the core global information security team and EMEA regional leadership, alongside regional Business, IT and information security teams, ensuring that the CISO’s directives and initiatives are implemented at the regional level.
They will support both the global information security teams and their regional equivalents where region-specific constraints block or prevent the delivery of initiatives or fulfilment of goals, identifying solutions that balance regional constraints with global security objectives.
This will include:
Operational Oversight
- Oversee, manage and support the portfolio of global information security transformation programs, projects and initiatives, ensuring alignment with strategic objectives.
- Oversee financial planning and budget reporting of the global information security function working closely with the IT COO.
- Assist the CISO in managing dependencies in global information security transformation programs, projects and initiatives within the information security space and more widely.
- Bring focus, pace, and discipline to transformation projects, driving progress in a consistent and transparent way, identifying opportunities, risks and dependencies, and making interventions where appropriate.
- Establish and maintain project tracking and reporting, monitoring the status of global information security transformation projects and pipelines of work, including agreed KPIs and KRIs to the CISO, stakeholders and ExCo.
- Support the CISO with the preparation of business cases, proposals and assistance with high impact presentations.
- Deputise for the CISO during incident response activities, if they are unavailable to perform their duties in the event of a major live incident.
- Contribute to regional information security budgeting and resource planning to ensure adequate support for regional strategic initiatives and operational resilience, without undermining the plans and objectives of the global firm.
EMEA Regional Advocacy and Strategic Alignment
- Liaise with the core global information security leadership and regional Partner leadership, IT and information security staff, ensuring that directives and initiatives are implemented at the regional level across all business units in the EMEA region.
- Build and maintain a strategic roadmap for the region which aligns with both business and client priorities, making use of an intimate understanding of the regional business.
- Ensure that the firm’s overarching information security strategies, goals, and objectives are properly understood at a regional level, and that regional Business and IT stakeholders are aligned in realising these strategies, goals, and objectives.
- Advocate for the information security initiatives, strategies, and activities mandated by the CISO, ensuring a sufficient level of buy-in from regional Business and IT staff.
- Serve as a key point of contact and advisor for the firm’s Partners and business units within the EMEA region around information security matters, including:
  - The firm’s global strategy
  - Emerging threats in the law sector
  - Security initiatives being carried out in other regions
  - Any other developments relevant to information security.
EMEA Regional Compliance and Policy Development
- Assist in the development and maintenance of information security policies, standards, and procedures, ensuring that any EMEA region-specific concerns, policies, or procedures are incorporated into global information security policies (e.g., as an appendix).
- Ensure compliance with any relevant local information security regulations (e.g., GDPR) and industry standards within the EMEA region, whilst aligning with standards followed by the global firm (to the highest extent possible) by staying up-to-date with changing and evolving regulatory requirements within the region.
- Ensure that regional business units, IT, and information security staff are compliant with global policies.
- Provide guidance and support to regional Partners and business units within the EMEA region on security-related compliance matters.
- Develop and maintain regional security performance metrics and dashboards to track compliance, risk, and awareness levels, and report regularly to global and regional leadership.
EMEA Regional Support and Implementation
- Support both global and regional information security teams where region-specific constraints block or create tensions in the delivery of initiatives or fulfilment of goals by:
  - Ensuring that relevant and legitimate regional concerns around initiatives are heard by global information security leadership in the firm.
  - Finding compromises or solutions which satisfy all parties and keep the firm secure globally.
- Support the delivery of any region-specific information security initiatives or activities and ensure they are aligned with the firm’s strategy, goals and objectives.
- Advise regional Partner, Business, and IT stakeholders across the EMEA region regarding information security threats, overall risk levels, and emerging threats relevant to the firm at both regional and global levels.
- Lead the identification, assessment, and mitigation of information security risks across business units within the EMEA region, maintaining a regional risk register and reporting key risks to the CISO and regional leadership.
- Improve information security awareness across the firm’s business units within the EMEA region.
- Partner with HR and Learning & Development to deliver targeted security training and capability-building programmes across business units in the EMEA region.
- Act as the regional escalation point for security incidents, coordinating with global incident response teams to ensure timely and effective resolution and post-incident reviews.
- Support the assessment and monitoring of third-party vendors and partners of business units within the EMEA region to ensure compliance with the firm’s information security standards and regulatory obligations.
Communication and Engagement for Global security transformation
- Establish a stakeholder map, plan an appropriate cadence of engagement, and proactively network and manage relationships, supporting the CISO in building and maintaining trust and confidence amongst colleagues and stakeholders.
- Effectively communicate the CISO’s information security vision and purpose with impact and credibility, both in person and in writing, by exploring new and innovative communication methods that respond to feedback, drive engagement and achieve continuous improvement.
- Collaborate with the CISO and information security leadership to craft key security messages and develop a delivery plan tailored to target audiences and channels.
- Collaborate with the firm’s internal and external comms teams where relevant to shape, align, implement, and execute the CISO comms plan and activities.
Enable a high performing team for Global security transformation
- Manage a broad range of support responsibilities essential for the smooth running of the function, whilst improving operational effectiveness and driving continuous improvement in information security processes and tools.
- Set the cadence, direction, agenda and flow of information security meetings, facilitating effective ways of working.
- Support the CISO in the design and implementation of transformation initiatives.
- Support the CISO to instantiate key result indicators and key performance indicators for the team for both team and wider business use.
- Support the onboarding of new joiners to the information security team and co-own the people and talent strategy for the team together with the CISO and Leadership Team to enable a consistent approach to staff development plans and learning journeys.
- Work closely with the CISO and relevant people managers and HR colleagues to progress and respond to people matters, including workforce planning and recruitment.
- Collaborate with the firm’s local recruitment teams to support recruitment activities directly led by the CISO, including assistance with the drafting of business cases and role profiles and tracking campaign progress.
- Attend all key relevant meetings, deputising for the CISO where necessary.
What you will have
- An MSc in Cyber Security or Computer Science or industry-recognised certifications (such as CISSP, CISM, CRISC, or CISA), or substantially equivalent workplace experience.
- Extensive experience in information security, with a strong focus on risk management and compliance.
- Demonstrated expertise in data protection regulations (e.g., GDPR) and industry standards (e.g., ISO 27001, NIST CSF, SOC 2), with a solid understanding of the regulatory landscape for information security in the EMEA region.
- Experience working across a global organisation, ideally within the legal sector or a similar professional services environment.
- Exceptional communication, leadership, and interpersonal skills, with the ability to influence and engage stakeholders at all levels.
- Capacity to perform effectively in a fast-paced, dynamic environment, managing multiple priorities with resilience and agility.
- Able to interpret financial reports and business strategies accurately and with confidence.
- Aware of and able to implement HR and other Firm policies in respect of management and staff.
- Proven track record in working directly with senior stakeholders, with the confidence to follow up on issues, influence and negotiate where deliverables and outcomes may be conflicting (e.g. motivating investment from stakeholders to meet regional objectives).
- Extensive previous experience working in a busy InfoSec function for a large global organisation.
You will stand out if you bring
- A Bachelor’s degree in Computer Science, Information Security, or a related discipline.
- Significant experience in a leadership role within the legal sector.
- Proficiency in additional European languages beyond English.
- Ability to translate complex cyber security concepts into clear, accessible language for non-technical audiences.
- Experience leading or coordinating cyber risk transformation initiatives within complex, matrixed organisations.
- Broad cyber security knowledge spanning people, processes, technology, emergency operations, and incident management, with an appreciation for how cyber security aligns with business strategy and organisational culture.
What we can offer you
We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, online discounts and lifestyle management services.
Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.
We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing an onsite gym, wellbeing centre and GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, season ticket loans and online discounts and lifestyle management services.
Our approach to hybrid working seeks to combine and maximise the benefits of effective remote working with the benefits of being in the office. Our current hybrid working arrangements require office based working for a minimum of 60% of your time (i.e. three days per week for a full time role) in accordance with our hybrid working policy.