Information Security Analyst

London, ENG, GB, United Kingdom

Job Description

At Herbert Smith Freehills Kramer, our ambition is to help you achieve your goals.





Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why many are incredibly longstanding. And we enjoy breaking new ground, as we have for over 100 years.



We are where you need us to be. We are in the world's largest markets, key financial centres and major growth hubs. Our international footprint is extensive and committed.




We are at our best tackling complexity and navigating change. We work alongside you on demanding contentious matters, exacting regulatory work and complex public and private market transactions. We are recognised as leading in these areas.




We are immersed in the sectors and challenges that impact you. We are recognised as standing apart in energy, ESG, infrastructure and resources. And we're focused on areas of growth that affect every business across the world, including technology and digitalisation.



All of this is achieved by supporting the growth of our people, who help us deliver on our ambition - which is to help you achieve yours.



Your goals. Our ambition.



The Opportunity



Role / Primary Responsibilities:



An exciting opportunity within the General Counsel & Risk team as part of our global Information Security team.


The individual will work closely with the UK, Australia and US-based teams in the following primary areas of responsibility, focusing on the UK and EMEA offices:


Providing assurance to external stakeholders, including:

  • Client information requests (security questionnaires, contract terms etc.)
  • External certification audits
  • Client site audits

Supporting the maintenance of the Firm's ISO 27001 certification, in particular:

  • Preparing new and existing business units for certification/audit.
  • Collating metrics in support of governance and continual improvement.
  • Risk assessing new ways of working, alongside the Risk and IT teams.
  • Assessing compliance with client-specific security requirements within the legal teams.
  • Managing the ISMS tools, documentation and trackers.
  • Supporting internal security audit activities.

Operational Security Oversight

  • Investigate and manage DLP alerts and user behaviour anomalies, escalating as needed.
  • Support incident response for phishing, impersonation scams, and other security events.
  • Assist with API integration projects to enhance security workflows (e.g., ServiceNow integrations).

Security Awareness & Education

  • Deliver and monitor phishing simulation campaigns, producing reports and insights.
  • Contribute to security communications and awareness programs across the firm.

Strategic Initiatives

  • Participate in onboarding new security technologies such as Data Security Posture Management (DSPM).
  • Engage with AI Risk and Governance discussions to support emerging technology adoption.

Stakeholder Collaboration

  • Build strong relationships with IT, Risk, HR, and legal teams to embed security into business processes.
  • Provide practical security advice to internal stakeholders.

Please note that this role is concerned with the governance, risk and compliance elements of general information security; it is not a technical IT/Cyber Security role, although a strong appreciation of IT and IT/Cyber Security concepts is required to be successful in it.

Qualifications / Skills / Experience



  • Degree educated (technical degree or similar).
  • We would expect the successful candidate to have around three years' experience in information security but may consider those with less experience providing they can demonstrate they meet the required competencies.
  • Strong knowledge of ISO 27001 implementation and certification.
  • Power BI analytics and reporting.
  • One or more of the following desired - MSc in security or similar; CISSP; CISA/CISM; ISO 27001 Lead Auditor.
  • Professional Services experience preferable.
  • Adaptable, diligent and works with initiative.
  • Strong relationship builder - internal and external.
  • Familiarity with security tools and systems would be advantageous (e.g., Email DLP, UEBA, phishing simulation).
  • Experience working as part of a global team.

Team




General Counsel and Risk

Working Pattern




Full time

Location




London

Contract type




Permanent Contract

Diversity & Inclusion




We are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our Values: Human, Bold, and Outstanding.


Job Detail

  • Job Id
    JD4544050
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Full Time
  • Job Location
    London, ENG, GB, United Kingdom
  • Education
    Not mentioned