Head of Information and Cyber Security

The Law Society
Charing Cross, United Kingdom
8 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 85K

Job location

Charing Cross, United Kingdom

Tech stack

Artificial Intelligence
Azure
Cloud Computing Security
Computer Security
Disaster Recovery
Identity and Access Management

Job description

The Law Society is seeking an experienced and visionary Head of Information and Cyber Security to lead their enterprise-wide security strategy. You will define and deliver the security roadmap, manage information and IT risk, and embed a strong security culture across the organisation. Reporting to the Executive Director of Technology & Change, you will act as a trusted adviser, translating complex risks into clear business terms and ensuring they remain secure, resilient, and agile.

  • Provide strategic leadership for information and cyber security across the organisation.
  • Define and implement the security roadmap, ensuring compliance with regulatory frameworks.
  • Manage enterprise-wide security and IT risk, including risk registers, control testing, and executive reporting.
  • Develop and embed a cross-organisation security awareness culture.
  • Oversee security operations and incident response at a leadership level.
  • Ensure robust business continuity, disaster recovery, and operational resilience frameworks.
  • Design and manage security assurance and audit programmes.

This is a unique and exciting opportunity to shape the security posture of a leading professional body, ensuring resilience and trust in their systems and services. You'll work at the heart of the Technology & Change function, influencing strategy and enabling innovation.

Requirements

We're looking for a proven security leader with:

  • A track record in leading enterprise-level information security functions or programmes (Head of, Deputy CISO, or equivalent).
  • Deep knowledge of governance, risk management, compliance, and frameworks such as ISO 27001, GDPR, Cyber Essentials, and NIST.
  • Ability to balance security risk with business agility using a pragmatic, risk-based approach.
  • Experience developing and embedding security awareness across an organisation.
  • Strong expertise in cloud security (Azure, M365), data protection, identity & access management, and modern security tooling.
  • Understanding of AI, automation, and emerging technology risk management.
  • Leadership experience in security operations and incident response.
  • Knowledge of business continuity, disaster recovery, and operational resilience frameworks.
  • Experience designing and managing security assurance and audit programmes.
