Lead Cyber Security Specialist

We are dedicated to safeguarding the data, systems, and assets of our law firm and wider group against evolving cyber threats. As our Lead Cyber Security Engineer, you will play a pivotal role in shaping and strengthening our security posture across all group entities.

In this role, you will:

• Partner with stakeholders to identify risks and implement effective security controls.
• Lead and deliver cyber security initiatives that enhance protection across the group.
• Take ownership of projects, working with autonomy and accountability to drive measurable improvements.
• Apply your expertise with Microsoft security tools including Intune, Azure, and Windows alongside other leading technologies.
• Ensure the confidentiality, integrity, and availability of sensitive data across all group entities.

This is an exciting opportunity to combine technical expertise with strategic influence, helping us build resilience and maintain trust in a fast‑moving threat landscape.

• Strengthen our security posture by implementing advanced cyber security measures that measurably reduce enterprise risk across all group entities. As a subject matter expert, you will set priorities, lead initiatives, and deliver solutions that keep our firm’s and group’s data and assets secure.
• Streamline and standardise security operations by addressing technical debt, defining clear standards, and improving documentation across the group. You will simplify processes, enhance efficiency, and embed best practice so our teams can remain focused on delivering exceptional service to our clients.

• Designing and implementing cybersecurity policies, standards, and procedures that align with industry best practice and legal/regulatory requirements across all group entities.
• Driving continuous improvement by identifying risks, reducing technical debt, and ensuring security is embedded across systems and processes.
• Staying ahead of emerging threats, tools, and techniques to ensure the group remains resilient.
• Leading security assessments, audits, and penetration tests, ensuring risks are identified, prioritised, and remediated.
• Partnering with the Incident Response team to develop, test, and execute response plans that minimise business impact.
• Working with IT teams to integrate security into infrastructure, applications, and operations.
• Consulting with internal stakeholders‑and occasionally clients‑to translate technical requirements into clear business outcomes.
• Building strong partnerships with third‑party vendors to enhance the group’s defences.
• Engaging business stakeholders to identify opportunities for improvement and championing initiatives that support strategic goals.
• Mentoring and guiding cybersecurity and IT professionals to strengthen skills, knowledge, and capability within the team.
• Acting as a trusted advisor and role model, promoting a culture of accountability and excellence in cybersecurity.

• Minimum 5 years in cybersecurity or a related technology field, with a proven track record of delivering security improvements.
• Strong knowledge of Microsoft 365 security tools, including Intune, Azure AD, and Conditional Access; ability to quickly master new tools and environments.
• Familiarity with legal, regulatory, and industry requirements related to cybersecurity.
• Ability to think creatively and strategically to identify, assess, and mitigate cyber risks.
• Demonstrated experience in developing and implementing security standards, policies, and technical controls.
• Excellent communication skills with the ability to build trusted relationships with stakeholders at all levels, both internal and external.
• Strong organisational skills with the ability to manage multiple priorities, work autonomously, and deliver results under pressure.
• Forward‑thinking, adaptable, and committed to continuous learning and professional development.

We invite you to contribute to our cyber security efforts. As our Lead Cyber Security Engineer, you will play a pivotal role in safeguarding our law firm and its clients from cybersecurity threats.

Please note that this job profile is not an exhaustive list of duties but merely an outline of the key components of the role. You may be required by your line manager to take on additional responsibilities when requested.

The Mishcon de Reya Group is an independent, international professional services business with law at its heart, employing over 1400 people with over 650 lawyers. It includes the law firm Mishcon de Reya LLP and a collection of leading consultancy businesses that complement the firm's legal services. Mishcon de Reya LLP is based in London, Oxford, Cambridge, Singapore and Hong Kong (through its association with Karas So LLP). The firm services an international community of clients and provides advice in situations where the constraints of geography often do not apply. The work the firm undertakes is cross‑border, multi‑jurisdictional and complex, centred around three increasingly entwined and connected sectors: the Innovation Economy, Private Wealth and Capital, and Real Estate. The firm is known as a disputes powerhouse with a formidable capacity firmwide for dispute resolution.

The Mishcon de Reya Group includes consultancy businesses MDR Discover, MDR Mayfair (in London, Singapore and Dubai), MDR ONE, and MDRi (in Hong Kong). The Group also includes MDR Lab, which invests in the most promising early‑stage legaltech companies as well as the Mishcon Academy, its in‑house place of learning and platform for thought leadership. In 2024, the Group announced its first strategic acquisition in the alternative legal services market, flexible legal resourcing business Flex Legal. It also acquired a majority stake in Somos, a global group actions management business. We strive to create a fully diverse and inclusive workplace where all our people are empowered to fulfil their potential. We are proud of our agile working culture and are always happy to talk flexible working.