Head of Cyber Security and Infrastructure

We are looking for a Head of Cyber Security and Infrastructure to join the global Information Technology leadership team.

The department

The IT department has approximately 60 staff globally, located in London, Paris, Piraeus, Dubai, Hong Kong, Sao Paulo, Melbourne, Perth, Singapore, and Sydney.

HFW’s Information Technology team’s vision is to deliver a responsive and continuously evolving technology platform, underpinned by a secure, global infrastructure with data and process at its core.

The role

As part of the global IT leadership team, the role is responsible for all aspects of Cyber security and the Firm’s IT infrastructure. Working closely with the Chief Technology Officer to ensure that the Firm’s systems and data are secure, available and performant, in line with IT Strategy.

The role will be expected to operate at the Skills Framework for the Information Age (SFIA) Information Security and Technology Service Management disciplines, Levels 6 and 7, which includes:

Directs the development, implementation, delivery and support of an enterprise information security strategy aligned with the business strategy.
Ensures compliance between business strategies and information security.
Leads the provision of information security expertise, guidance and systems needed to execute strategic and operational plans.
Engages with and influences stakeholders to ensure that services are developed and managed to meet agreed service levels, security requirements and other quality standards.
Plans and manages the implementation of processes and procedures, tools and techniques for monitoring and managing the performance of technology services.

The role will establish strong relationships with key stakeholders in the business. Effective leadership of a diverse team of technology professionals dispersed globally will be essential to success.

Beyond the core focus, the role will work closely with the Chief Technology Officer and the IT leadership team to develop and implement the Firm’s technology strategy and set the annual budget.

The role is pivotal in ensuring that technology supports the delivery of legal services to HFW’s lawyers and clients, thereby enabling the Firm’s strategy.

The Firm has a flexible approach to working patterns and the workplace, which reflects its global nature.

Key responsibilities

Lead, manage, develop, coach and mentor the Cyber and Infrastructure teams, comprising the IT Manager, Cyber Security and IT Manager, Infrastructure, and their team members.
Own the strategies and roadmaps for cyber security capabilities, including email security/DLP, SASE/SWG/CASB, SIEM, etc, ensuring that they evolve and adapt to respond to changes in the cyber threat landscape.
Own the strategies and roadmaps for infrastructure, including LANs, WANs, PAAS/SAAS and other cloud services, etc.
Management of the cyber security and infrastructure budgets, to ensure value for money and alignment with IT, cyber security, and infrastructure strategies and roadmaps.
Maintain strategic relationships with all relevant technology service providers and ensure the timely and effective delivery of IT services.
Lead and sponsor the maintenance and development of the firm’s IT security controls framework, including the operation of controls and compliance with policies, procedures and standards.
Lead security operations, including threat monitoring, incident detection, analysis, and response activities.
Define and steer the Cyber Security programme to implement technical security solutions and controls aligned to industry best practice and the emerging threat landscape.
Ensure the renewal of accreditations, such as Cyber Essentials + and ISO27001.
Attend the Risk Committee.
Collaborate with the wider IT department, in the development, implementation and ongoing assessment of security policies, procedures and standards across the Firm’s IT estate and business.
Act as control and process owner for security incident management and response. Work closely with key stakeholders to ensure incident response plans are up to date and are effectively tested, including facilitation of tabletop exercises to simulate incident response.
Lead Cyber security awareness and internal facing communications and training, such as phishing exercises.
Implement and provide reporting on the effectiveness of HFW’s IT security controls framework, including the operation of controls and compliance with policies, procedures and standards.
Participate in internal security assessments, internal audits, client audits, compliance certifications, third-party risk management and client security questionnaire responses.
Progress the professional development of the security and infrastructure teams to ensure that they remain current in skills and technologies.
Any other ad hoc duties as required.

Key skills and experience required

At least 5 years’ relevant experience in a law firm or comparable organisation operating in a regulated environment.
Certifications such as CISM, CISSP.
Proven experience of working with IT security systems and information security governance, i.e., control frameworks, incident management, operations and application of security best-practices.
In-depth knowledge of security and infrastructure principles, methodologies, and tools (e.g., firewalls, Microsoft enterprise cloud services, VPNs, ZTNA, IDS/IPS, SIEM, Juniper MIST, encryption).
Experience with security standards and frameworks such as ISO 27001, NIST, and GDPR.
Strong analytical and problem-solving skills and can interpret and apply complex technical information and able to explain cyber security to other members of the business.
Leadership experience working to support the development and direction of both directly employed and third party employed IT security professionals.

Additional Information

Kindly note that this job description is not contractual. It will be reviewed periodically and may be amended or altered to meet the needs of the firm.

HFW aims to ensure equality of opportunity, and we are actively working towards improving the diversity of our staff. All applications will be considered only on merit and the applicant’s suitability to meet the requirements of the role.

HFW collects and processes personal data relating to job applicants to manage its recruitment process. The firm is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. For information on how the firm will process your data, please see our Privacy Notice on our website, in the section “What we collect and how we use it”.

Apply now

About HFW

HFW is a sector focused global law firm. We have over 700 lawyers working across the Americas, Europe, the Middle East, Asia and Australia. We take a progressive approach to our roles in commercial business – thinking creatively and pragmatically to support our clients.

Whether we are solving complex issues within the construction, aviation or shipping industries, or providing advice across insurance, commodities and energy we are specialist lawyers here to add value to our clients. We think about the commercial solution first, and then underpin our advice with a solid foundation of legal expertise.

Entrepreneurial. Creative. Collaborative.

Learn more about us

MORE VACANCIES

View all vacancies

IT Service Desk Analyst

London

Full time

Posted 22/04/2025

We are currently looking to recruit a 1st line IT Service Desk Analyst with a minimum of 12 months' IT help desk support experience within a professional services organisation to join our Information Technology team.

View role

View all vacancies

subscribe to our insights

Lorem Ipsum is simply dummy text of the printing and typesetting industry.
Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer.

Sign up