*Who we are *
Slaughter and May is a leading international law firm, advising on high-profile and ground-breaking transactions around the globe. The firm provides clients with a professional service of the highest calibre, combining our technical excellence with an unparalleled commercial awareness and a practical, constructive approach to legal issues.
We are offering you the opportunity to be part of the team that supports our lawyers in providing outstanding legal advice to some of the world's leading businesses.
At Slaughter and May, we have an underlying sense of pride in who we are and what we do. Our inclusive spirit will ensure your contribution is valued and you will enjoy an open, friendly and supportive culture. As a market leader, we will provide you with excellent benefits, facilities and training opportunities to support you in your career.
*Would you like to join one of the world's most prestigious law firms?*
We are offering a fantastic opportunity for a professional, engaging individual to join us as a Security Project Manager, in our leading London-based Technology Team.
*ROLE OVERVIEW *
The Security Programme Manager will work closely with technical and non-technical stakeholders from the firm's Technology department (e.g. Information Security & Privacy, Network Engineering, Infrastructure Engineering, Service Desk, Service Management, PMO), the broader firm (e.g. end users impacted by the programme) and external vendors to scope and deliver a series of information security related projects.
These include, but may not be limited to, projects in the following spaces:
Network security. Implementing strong (802.1x certificate-based) Network Access Control across the firm's Local Area Networks, and reviewing/improving the firm's approach to network micro-segmentation.
Email security. Implementing Sender Policy Framework (SPF) and/or Domain-based Message Authentication, Reporting & Conformance (DMARC) controls.
Endpoint security. Completing the firm's deployment of Microsoft Defender for Endpoint, e.g. across the mobile device estate; and working with Infrastructure & Operations to deliver incremental improvements against the firm's Microsoft Secure Score, e.g. through viability assessment, testing and progressive implementation of further Attack Surface Reduction rules.
Cloud infrastructure security. Improving the firm's security posture in relation to its use of Microsoft Azure IaaS - e.g. by driving improvements against Azure Secure Score, templating VM images that align to Microsoft/CIS hardening baselines, and creating technical standards and operational processes that deliver a homogeneous IaaS environment.
Identity and Access Management. Includes implementing role-based access control for on premise privileged access; standardising and automating Joiners/Movers/Leavers processes; driving the adoption of Single Sign On and identity federation across disparate SaaS solutions; reviewing and refining the firm's Conditional Access policies based on analysis of relevant use cases and security risks; and reviewing and improving/replacing the firm's third party remote access solution.
*KEY RESPONSIBILITIES *
The Operational teams design, procure, build and manage the firm's IT infrastructure. The specific purpose of this role will be to manage the Operational teams through the delivery of security projects by:
* Acting as the focal point, and driving force, for each project.
* Defining project scope and deliverables, including business/requirements analysis where required.
* Helping to identify appropriate candidate solutions for the fulfilment of security requirements in conjunction with relevant technical SMEs, external vendors and the broader marketplace, in order to steer stakeholders to consensus.
* Helping to define and document proposed solutions, in terms of their high-level architecture.
* Modelling the costs and effort to deliver each project, in order to assist with the production of the relevant business cases and budget submissions.
* Managing relevant vendors, potentially including conducting market-soundings, facilitating scoping calls, obtaining quotes, managing vendor due diligence and on-boarding, and managing vendor project delivery performance.
* Defining, maintaining and tracking performance against detailed project delivery plans in each of the time, cost and quality dimensions.
* Capturing, tracking and managing project risks, issues, assumptions, dependencies and conflicts.
* Project administration, including the production and maintenance of project documentation and the production and delivery of project status reports.
* Preparing release-to-production documentation to ensure that the solution delivered can be supported under BAU, including definition of any support / service desk processes required.
* Monitoring and managing project processes and ensure that any elements which fail in the workflow are remedied.
* Anticipating, managing and resolving project issues that arise.
* Tracking and managing project benefits realisation and return on investment.
*CANDIDATE PROFILE *
Candidates for this position must have the following skills:
* A strong understanding of PDLC processes and the Prince2/Agile methodologies.
* A track record of successfully managing IT projects - preferably IT security projects specifically - in a complex enterprise IT environment.
* A good understanding of information security concepts, risks and solutions.
* A good understanding of the key challenges associated with delivering security projects in each of the spaces identified above.
* A good understanding of the ITIL framework - particularly how to prepare an IT organisation to support a project deliverable once it is released into production.
* Excellent written and verbal communication skills.
* Excellent attention to detail.
* The ability to work independently and within a team.
* The ability to take ownership and drive activity across disparate teams.
* The ability to handle ambiguity and to multitask in order to meet deadlines, across concurrent projects.