Information Security Manager
London, GB
About us
At Winston Taylor, we set the standard, together.
Winston Taylor is a transatlantic law firm built for the businesses, people, and markets driving capital and innovation. Here, you're in the room. In the action. Sleeves rolled up.
You'll work with leading clients. Disruptors. Fast-growth companies. And help them to stay one step ahead of the moment and make critical decisions that shape their future. We're present in the U.S., U.K., Europe, Latin America, and the Middle East, combining the scale and speed that clients demand.
You'll be trusted with real responsibility from the outset and build experience through hands-on work. We take your progression personally. We provide the platform. You shape the work around your goals and aspirations.
Step into the moments that matter. Join Winston Taylor.
Position summary
The Firm seeks an experienced Information Security Manager to lead our security strategy, operations, and dedicated team. The successful candidate will work closely with the Chief Information Security Officer, overseeing all aspects of information security across our U.K. and global offices. This leadership role is critical in ensuring effective protection of the firm’s technology assets, client data, and business continuity.
Position responsibilities
Strategic Leadership:
- Develop, implement, and communicate a comprehensive information security strategy aligned with the firm’s business objectives and risk appetite.
- Oversee continuous improvement of policies, standards, procedures, and controls for all offices.
Team Management:
- Lead, mentor and develop a high-performing security team.
- Set objectives, manage workloads and foster professional growth within the team.
Security Operations:
- Oversee operations including threat monitoring, vulnerability management, access controls, endpoint security and incident response.
- Maintain robust cyber resilience measures across on-premise and cloud environments.
Compliance and Risk Management:
- Ensure compliance with GDPR, SRA requirements (for legal sector), ISO 27001/2 standards and other applicable regulations in all jurisdictions where we operate.
- Manage internal/external audits; regularly assess current risks; report findings to senior management.
Stakeholder Engagement:
- Collaborate with partners, business services, fee earners and global office teams to embed a culture of security awareness.
- Act as escalation point for major incidents; coordinate response efforts; conduct post-event reviews; update disaster recovery/business continuity plans accordingly.
Project Management:
- Provide strategic input on firmwide technology projects ensuring secure design principles are followed from inception through delivery.
- Deliver information security projects and initiatives.
Responding to Client Security Questionnaires:
- Coordinate responses to client security questionnaires by gathering accurate information on the firm’s policies, controls and practices.
- Liaise with relevant stakeholders—including risk/compliance teams—to ensure timely completion that meets client expectations.
- Maintain up-to-date records of standard responses and evidence required by clients during due diligence or ongoing panel reviews.
Business Process Management (BPM) Support:
- Support BPM initiatives by assisting in documentation, analysis and continual improvement of core business processes—especially those relating to information security or compliance.
- Work cross-functionally to ensure process maps are current; contribute expertise on secure workflows within operational improvements.
- Monitor regulatory changes relevant to BPM/security processes ensuring documentation remains aligned with best practice.
Reporting:
- Regularly brief the Chief Information Security Officer and executive board on key metrics, risk posture, incidents and progress against strategic objectives, including updates on client questionnaire activity and BPM developments.
Experience, skills, and qualifications
Essential Qualifications and Experience
- Significant experience in a senior Information Security role within legal/professional or financial services.
- Practical knowledge of U.K./E.U./international regulatory frameworks (GDPR/SRA etc.).
- Proven experience leading/managing technical teams in multi-jurisdictional contexts.
- Technical expertise across SIEM platforms, cloud security solutions (e.g., Azure/AWS), endpoint protection suites etc.
- Track record managing incident response/disaster recovery processes in complex environments.
Desirable Skills and Certifications
- Professional certifications such as CISSP/CISM/CISA or equivalent strongly preferred.
- Experience supporting law firm technologies (DMS/PMS/iManage/Workshare).
- Strong interpersonal communication skills – comfortable engaging at partner/board level as well as technical teams.