🌎
This job posting isn't available in all website languages
📁
Technology
📅
JR-1331 Requisition #

Closing Date 30/11/2020

Summary

Clifford Chance is one of the world's leading law firms, helping clients achieve their goals by combining the highest global standards with local expertise.  The firm has unrivalled scale and depth of legal resources across the three key markets of the Americas, Asia and Europe and focuses on the core areas of commercial activity: capital markets; corporate and M&A; finance and banking; real estate; tax; pensions and employment; litigation and dispute resolution. 

Alongside world-class legal careers, Clifford Chance offers excellent opportunities in the support functions that underpin its business operations. By joining us in business services, you will help us to innovate in the way we deliver our services and enable us to run a successful multinational business that never stands still.  Business services are integral to the running of the firm and are critical to its success. 

Job Purpose    

•    The Head of Cyber Security has the skill and knowledge to work across a wide variety of portfolios in the Cyber Security domain
•    This role will lead all efforts in the Cyber Security space, which will include running of the CSIRT and Management of our MSSP portfolio.
•    This role will be responsible for overseeing the Vulnerability Management portfolio and engagement with over service owners to remediate vulnerabilities in an appropriate timeframe.
•    Primarily this role focuses heavily on Clifford Chances MSSP investments and approach, both internally and externally with our security partners.
•    This role focuses on the implementation of Cyber Security across multiple portfolios within the CC IT space. It is a key role in driving Security transformation and helping to ensure that the end vision is being delivered in a secure and resilient way while focusing on the overall experience to the users through out MSSP and Cert functions
•    The Head of Cyber Security will collaborate with our operational functions will work to build out our Cyber Security and security engineering services to meet our best of bread approach.
•    At portfolio level, the Head of Cyber Security provides guidance relating to Cyber security with regards to Business changes, changes in underlying technologies, emerging standards, competitive changes and other factors, which may drive the business in directions that are outside the purview of agile portfolios. 
•    The Head of Cyber Security will not only be able construct and execute Cyber Security planning but will also be able to conduct exercises to measure capability and growth.

Key Responsibilities    

•    To make sure that we manage our MSSP in the most cost-effective optimal way and derive value for the firm.
•    Maintain a high-level holistic vision of Security within enterprise solutions and CC development initiatives, both internally and externally with partners.
•    Security Incident Management within the firm to resolution with other parties such as the MSSP and Service Management
•    Promote Security within the firm at all levels
•    Application of Cyber Security and engineering knowledge to SaaS, PaaS & IaaS cloud solutions.
•    Have a strong knowledge of cloud solutions and demonstratable practical experience with Widows, Linux and networks including mobile and web-based platforms.
•    Have a working knowledge of Security Testing, identification of OS, Infrastructure, Application and Middleware security vulnerabilities and remediation.
•    Oversee and address vulnerability management services for IT based services.
•    Cyber Security knowledge should include on container/cluster-based solutions included Docker, Kubernetes, AKS and fundamentals of Data Science.
•    Strong knowledge of engineering approaches for Identity Management and federation including SSO options Okta, ADFS, RSA, SAML and MFA
•    Have a working understanding of Cloud Acceleration, SD-WAN, DDoS and network-based controls such as Zero Trust Networks, reverse proxies, Next Generation Firewalls, Web Application Firewalls, IPS/IDS, Conditional Access
•    Be aware of Cloud based assurance and risk models and their application, including CSTAR Gold and other associated frameworks.
•    Have knowledge of virtual and physical networking, including routing, switching, firewalls, DNS, encryption.
•    Understand Linux and Windows server concepts, including scripting, PowerShell and automation technologies 
•    Address Cyber Security innovation as part of the future operating models, including automation.
•    Synchronise the following across solutions whenever applicable: 
- System, data security and quality;
- Production infrastructure;
- Solution User experience governance;
- Scalability, performance and other NFRs.
•    Participate in Operation Planning activities with IT colleagues
•    Understand and communicate strategic Information Security themes and other key business drivers for architecture to solution architects and non-technical stakeholders.
•    Contribute an Information and Cyber Security perspective to wider architectural initiatives in the portfolio where applicable.
•    Influence Cyber Security best practices with regards to common modelling, design and coding practices, working closely with our application development teams and technical leads to ensure security across the portfolio.

Key Requirements

    Skills:
•    Cyber Security professional with both CERT Management & leadership, with technical design and engineering expertise in a range of technologies as well as a good well-rounded knowledge set of the Cyber Security frameworks and principles.
•    Extensive senior stakeholder management skills.
•    Leadership skills and management capabilities.
•    Excellent communicator, able to motivate, coach and mentor a strong technical team and stakeholders.
•    Various levels of expertise in a with regards to Agile and Cloud architecture domain (application, data or infrastructure) with broad knowledge of the other architecture domains. 
•    Ability to inform and delivery Cyber Security Engineering services to the wider firm.
•    Ability to lead Cyber Security Exercises with the Executive Leadership of the firm.
•    Ability to manage 3rd party security suppliers
•    Knowledge of the Legal Sector advantageous.

Experience:
You will have extensive experience in the Cyber Security space, and significant experience in an either an Incident Response and Leadership role working at senior level in a global organisation or supporting Senior Leaders.
Mentor and develop junior team members as well as cross skilling across the Information and Cyber Security function.
You will have a well-rounded knowledge of all Information Security & Cyber Security domains. Your experience must be clearly demonstrable and will have worked alongside architects, engineers, developers and support personnel and understand the requirements of architecture frameworks of Information & Cyber Security frameworks such as CSTAR Gold, NIST, Cyber Essentials and ISO27001.
•    Experience in leading and developing teams and functions with both on shore and offshore team members.
•    Previous experience of working for a global professional service environment or corporate organisation such as legal/finance/banking.
•    Solid understanding of multiple security models, architecture and security tools, techniques and frameworks including but not limited to SAFe, CSTAR, NIST, ISO 27001 & Cyber Essentials Plus etc.
•    Solid understanding of secure development principles for multiple delivery methods, Agile, Waterfall etc.
•    Practical experience of Information Security Risk Management and Threat Management. 
•    The ability to champion Information & Cyber Security principles at an enterprise level.
•    Experience of developing IT roadmaps for specific business or technology areas to embed Cyber Security practices
•    Experience of working with multiple, diverse technologies and processing environments. 
•    Adaptability to adapt security to existing and future to a variety of rapidly changing environments.
•    Ability to build information and system resilience into every system and service to meet business requirements.
•    Ability to operate a SOC or supporting MSSP effectivity to drive out value for the firm.
•    Ability to engage with NCSC and obtain security clearance would be advantageous.

Written and Verbal Communications:
•    Highly developed written and verbal communication skills, capable of producing global and sensitive communications to a varied audience at all levels in both Practice Areas and Business Services.
•    Excellent verbal and interpersonal communications skills – some form of customer-facing interaction or consulting experience is a plus. 
Qualifications:
The ideal candidate will have relevant industry qualifications or demonstratable experience


Experience:
You will have extensive experience in the Cyber Security space, and significant experience in an either an Incident Response and Leadership role working at senior level in a global organisation or supporting Senior Leaders.
Mentor and develop junior team members as well as cross skilling across the Information and Cyber Security function.
You will have a well-rounded knowledge of all Information Security & Cyber Security domains. Your experience must be clearly demonstrable and will have worked alongside architects, engineers, developers and support personnel and understand the requirements of architecture frameworks of Information & Cyber Security frameworks such as CSTAR Gold, NIST, Cyber Essentials and ISO27001.
•    Experience in leading and developing teams and functions with both on shore and offshore team members.
•    Previous experience of working for a global professional service environment or corporate organisation such as legal/finance/banking.
•    Solid understanding of multiple security models, architecture and security tools, techniques and frameworks including but not limited to SAFe, CSTAR, NIST, ISO 27001 & Cyber Essentials Plus etc.
•    Solid understanding of secure development principles for multiple delivery methods, Agile, Waterfall etc.
•    Practical experience of Information Security Risk Management and Threat Management. 
•    The ability to champion Information & Cyber Security principles at an enterprise level.
•    Experience of developing IT roadmaps for specific business or technology areas to embed Cyber Security practices
•    Experience of working with multiple, diverse technologies and processing environments. 
•    Adaptability to adapt security to existing and future to a variety of rapidly changing environments.
•    Ability to build information and system resilience into every system and service to meet business requirements.
•    Ability to operate a SOC or supporting MSSP effectivity to drive out value for the firm.
•    Ability to engage with NCSC and obtain security clearance would be advantageous.

Written and Verbal Communications:
•    Highly developed written and verbal communication skills, capable of producing global and sensitive communications to a varied audience at all levels in both Practice Areas and Business Services.
•    Excellent verbal and interpersonal communications skills – some form of customer-facing interaction or consulting experience is a plus. 
Qualifications:
The ideal candidate will have relevant industry qualifications or demonstratable experience

Interested? To find out more about what it is like to work at Clifford Chance in London please visit our careers site


Equal Opportunities

At Clifford Chance we understand that our true asset is our people. We believe that each and every one of us should experience an equality of opportunity and an equality of experience here. We are always working to develop and deliver the best and most innovative approaches to make that happen. Inclusion is good for our team and their families, our firm and society. 

We are therefore committed to treating all employees and job applicants fairly and equally regardless of their gender, gender identity and expression, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age.  This applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment.

The firm will regularly review its procedures and selection criteria to ensure that individuals are selected, promoted and otherwise treated according to their relevant individual abilities and merits.

We have a number of initiatives and networks that support our aspiration to be the Global Law Firm of choice. These include our LGBT, Gender Parity, Ethnicity and Disability networks. 

#LI-POST #LI-WRAP #IND
 

Previous Job Searches

My Profile

Create and manage profiles for future opportunities.

Go to Profile

My applications

View your applications

My applications