Herbert Smith Freehills Kramer is a world-leading global law firm, where our ambition is to help you achieve your goals.Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why so many are longstanding. We enjoy breaking new ground, as we have for over 170 years.As a fully integrated transatlantic and transpacific firm, we are where you need us to be. Our footprint is extensive and committed across the world''s largest markets, key financial centres and major growth hubs.At our best tackling complexity and navigating change, we work alongside you on demanding litigation, exacting regulatory work and complex public and private market transactions. We are recognised as leading in these areas.We are immersed in the sectors and challenges that impact you. We are recognised as standing apart in energy, infrastructure and resources. And we''re focused on areas of growth that affect every business across the world.All of this is achieved by supporting the growth of our people, who help us deliver on our ambition which is to help you achieve yours.Herbert Smith Freehills Kramer: Your goals. Our ambitionThe OpportunityInformation TechnologyEfficient and effective IT systems are essential to the effective operation of a global law firm like Herbert Smith Freehills. The information technology team keeps our global team of lawyers and the supporting business services staff connected whether we''re in the office or on the move. Information technology is responsible for everything information systemsrelated. That includes:technical support: IT helpdesks, asset management (including laptops and mobile devices) and technical traininginfrastructure: networks and systems, servers (real and virtualised), disaster recovery, business continuity and IT securitydevelopment: designing and acquiring business applications.While the roles within the division may vary, all involve providing the very best services and systems. You may also have the opportunity to work on challenging projects across the firm.To succeed, you will have a strong focus on client service, be able to come up with creative solutions and see beyond complexity to identify the core issues facing the business. In return, we can offer a rewarding career at the forefront of the legal and IT professions, with significant scope for professional development.Key ResponsibilitiesThe role is responsible for IT Security operations, management processes, procedures and related operational documentation within the UK, EMEA regions. Although having regional responsibilities, it is key that this role works closely with the Senior Manager, IT Security, Australia & Asia to ensure consistency and collaboration is fostered.The Senior Manager, IT Security will apply risk management techniques to identify security weaknesses and work with all IT teams to mitigate them, using the firm''s existing ITIL-aligned change management framework. The role also involves providing technical security guidance and support to the firm, e.g. working with fee-earners to provide responses to client data security audits, and support to projects (related to IT Security).Operationalo To proactively monitor and manage security logs, and take appropriate and timely action to resolve, educate and escalate where necessaryo Liaise with our outsource partners to ensure accurate reporting and remediation of security issues.o Ensure that the technical operational procedures and documentation for IT security are up-to-date, relevant and thorough; this extends to departmental documentation, documentation for the wider business and where appropriate for clientso Maintain an up-to-date and in-depth knowledge of cyber security and associated techniques and technologies, and disseminate this within the function and, where appropriate, within the wider IT teamo To provide IT Security guidance and knowledge to fellow Senior Management team memberso To provide users awareness, education and training on IT security, using various methods including poster campaigns, comms and awareness sessionso Supplier Management - Provide advice and input regarding IT security with regards to the departments and firm''s suppliers and partners where appropriate.Assuranceo To identify potential areas of non-compliance or inappropriate practices, conduct a successful investigation into the circumstances and construct an appropriate response including forming the business case where necessaryo Ensure that the capability is present to identify, investigate and communicate as appropriate, significant IT Security breaches. It is to be ensured that such cases are closed quickly and authoritatively without error or omission that could undermine the service. It is also vital to identify root causes for such events and effectively mitigate against future occurrences through lessons learnto To provide, oversee and manage an IT security assurance function that facilitates the implementation of HSF (UK, EMEA) projects and services in all regions. This includes interactions with 3rd party specialists such as penetration testers where all work must be appropriately approved and managed to preserve the integrity of the service. Changeo Ensuring that all new HSF (UK, EMEA) projects and changes to existing services are security-impact assessed against HSF''s securing controls, attending Change Board meetings as appropriate and escalating as requiredo Within an environment of empowered users, provide solutions to their business demands such as greater mobility and flexibility whilst maintaining the security of the firms systemso Ensuring our services have security embedded that is commensurate with both the evolving threat landscape and identified risks o Provide the firm''s users with the support and knowledge to be able to take individual responsibility for IT security in their own environmentso Oversee the ISO/IEC27001/2 process, where implemented, to ensure continued certification and continuous improvemento To provide input to strategic oversight on global information security matters, including projects limited to specific geographic regions and global projectsQualifications, Skills and ExperienceWorking knowledge of a broad range of security technologies e.g. encryption, multi-factor authentication, endpoint protection, IDS/IPS, access control, vulnerability management toolsets, malware defences, protective monitoring, physical security controls, SIEMA solid understanding of security concepts and principles, including the ability to identify and measure attack vectorsAbility to structure a reasoned business case for undertaking security improvementsA good knowledge of current Windows server operating environments, Active Directory and Group PolicySolid knowledge of prevalent smart device platforms (BlackBerry 10, iOS, Android) and related security technologiesKnowledge of network security devices and associated protocolsExtensive knowledge of ISO/IEC27001/27002:2013Awareness of ISO/IEC22301, ISO/IEC27035 and ISO/IEC27005Working effectively in a matrix-managed environmentDemonstrable experience of supplier management and commercial acumenA minimum of 5 year''s relevant IT Security experience preferably within a networking environmentAbility to write structured guidance to the business regarding matters of IT securityFamiliarity with current trends and recent developments in IT securityITIL Service Management Foundation certification (or equivalent) would be desirable but is not essentialCISSP or CISM certification would be preferredAn innovative mindset, curious about AI and emerging technologies.TeamInformation Technology Working PatternFull timeLocationSydneyContract typePermanent ContractDiversity & InclusionWe are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our ValuesHuman, Bold, and Outstanding.
Job Title
Senior Manager, IT Security