IT Security & Governance Manager
Our team of business services staff play a significant role in the success of Dentons, and we recruit staff into a wide variety of areas. Here, we look for focused, flexible individuals from a variety of backgrounds who are team players. Previous experience within the legal sector is not essential. We want to give everyone the opportunity to develop his or her potential fully and, therefore, provide support, training and encouragement to members of staff at all levels.
Purpose of role
The IT Security & Governance Manager's primary responsibility is to oversee and coordinate governance and security efforts across the organisation in collaboration with other key stakeholders in the business. Responsibilities will include cross-functional management of the governance and security aspects of the work and systems that relate to the delivery of legal services, including the Firm's practice areas and the following departments: Information Technology, Risk and Compliance, Human Resources, Finance, Learning & Development, Marketing and Facilities Management. This role will identify and operationalise risk management initiatives and standards that need to be applied to the operating environment and will work with the technical teams who are responsible for implementing and maintaining the systems.
An important aspect of the role is communication. The position is the primary link between Dentons IT and the legal and support departments, ensuring a good two-way dialogue for risk management and governance and security best practices.
The Manager will plan, design, and coordinate operational governance activities supporting client-facing services and activities. They will also work closely with decision makers across the organisation to identify, recommend, develop, implement, and support cost-effective technology solutions for all risk-related aspects of the organisation.
Responsibilities
General:
- Define and communicate governance and compliance priorities, including service level expectations, to the IT leadership team.
- Develop and monitor security and governance budgets.
- Develop business case justifications and cost benefit analysis for proposed areas of spending and initiatives. This includes the directing of research on potential technology solutions and, where applicable, the implementation to support new initiatives.
- Support Business Leaders in client-facing engagements and act as an IT Ambassador in client pitches.
- Develop, maintain, evaluate, implement and update related policies and procedures in line with both business requirements and national and international legislative changes, i.e. ISO 9001/27001/22301 processes and procedures.
- In partnership with all of Business Services, ensure IT's services are properly positioned within client RFP responses as well as aligning responses at a Global level.
- Coordinate and oversee internal and external client audits as they relate to IT security and compliance.
- Coordinate and oversee third-party IT vulnerability assessments.
- In partnership with IT Leadership team, work with respective IT personnel to ensure awareness and alignment of ongoing client, industry and best practice compliance obligations.
- Act as business liaison with all Business Services. In this role, engage in ongoing dialogue regarding business units' priorities and IT service requirements to support efficient operations.
- Align services to support Global IT requirements and standards.
- Participate in the Duty Manager Rota.
- Manage staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions for direct reports.
- Establish and maintain regular written and in-person communications with the firm's business leaders, department heads, and end users regarding pertinent governance and security activities.
- Obtain and maintain existing and future accreditations in accordance with applicable regulations, client requirements and industry best practices.
- Knowledge and experience of industry standards such as ISO 27001, Cyber Essentials.
- Extensive understanding of data handling best practices and information management and governance.
- Knowledge and expertise of cross-border regulations, such as GDPR and EU data privacy rules.
- Broad understanding of technology and legal applications preferred (not mandatory).
- Extensive information security experience, across broad security domains.
- Experience working with technical people responsible for implementing security technology.
- Experience in security monitoring, detection, prevention and control systems.
- Ability to stay current with intrusion detection systems, hacker techniques, phishing schemes, emerging logical security threats, and compromised server techniques.
- Ability to dig into details as well as analyse data from a high-level view.
- Understanding of the compliance, legal and ethical obligations that organisations should have with respect to logical and physical security, personally identifiable information and data protection.
- Comprehensive knowledge of data handling and security best-practice protocols.
- CISSP/CISA/CISM certification preferred.
- Excellent written and oral communication skills.