Head of Global InfoSec Transformation (EMEA & BISO)

Posted 2 days 22 hours ago by Allen & Overy LLP

Permanent
Full Time
Other
London, United Kingdom
Job Description
We are currently recruiting for a Head of Global Information Security Transformation & EMEA Business Information Security Officer (BISO) to join the A&O Shearman London office.

Apply today via the link below or contact for more information.

What you will do

The Head of Global Information Security Transformation & EMEA Business Information Security Officer (BISO) plays a pivotal role in ensuring the effective and efficient operation of the Information Security (InfoSec) function which is located across the United Kingdom, United States and Singapore. Working closely with our new CISO Yolande Young, the global InfoSec team, the wider IT organization, and other key stakeholders, the incumbent supports all aspects of the InfoSec function to amplify its efficacy, including:
  • Driving communications and engagement on cyber topics across the organization globally.
  • Implementing and maintaining effective management of the portfolio of InfoSec programs, projects and initiatives.
  • Embedding a performance culture through effective team and stakeholder engagement and regular reporting.
  • Overseeing a range of internal processes related to the running of the function.
In their capacity as EMEA BISO, they act as a trusted liaison between the core global information security team and EMEA regional leadership, alongside regional Business, IT and information security teams, ensuring that the CISO's directives and initiatives are implemented at the regional level.

They will support both the global information security teams and their regional equivalents where region-specific restraints block or prevent the delivery of initiatives or fulfilment of goals, identifying solutions that balance regional constraints with global security objectives.

This will include:

Operational Oversight
  • Oversee, manage and support the portfolio of global information security transformation programs, projects and initiatives, ensuring alignment with strategic objectives.
  • Oversee financial planning and budget reporting of the global information security function working closely with the IT COO.
  • Assist the CISO in managing dependencies in global information security transformation programs, projects and initiatives within the information security space and more widely.
  • Bring focus, pace, and discipline to transformation projects, driving progress in a consistent and transparent way, identifying opportunities, risks and dependencies, and making interventions where appropriate.
  • Establish and maintain project tracking and reporting, monitoring the status of global information security transformation projects and pipelines of work, including agreed KPIs and KRIs to the CISO, stakeholders and ExCo.
  • Support the CISO with the preparation of business cases, proposals and assistance with high impact presentations.
  • Deputise for the CISO during incident response activities, if they are unavailable to perform their duties in the event of a major live incident.
  • Contribute to regional information security budgeting and resource planning to ensure adequate support for regional strategic initiatives and operational resilience, without undermining the plans and objectives of the global firm.
EMEA Regional Advocacy and Strategic Alignment
  • Liaise with the core global information security leadership and regional Partner leadership, IT and information security staff, ensuring that directives and initiatives are implemented at the regional level across all business units in the EMEA region.
  • Build and maintain a strategic roadmap for the region which aligns with both business and client priorities, making use of an intimate understanding of the regional business.
  • Ensure that the firm's overarching information security strategies, goals, and objectives are properly understood at a regional level, and that regional Business and IT stakeholders are aligned in realising these strategies, goals, and objectives.
  • Advocate for the information security initiatives, strategies, and activities mandated by the CISO, ensuring a sufficient level of buy-in from regional Business and IT staff.
  • Serve as a key point of contact and advisor for the firm's Partners and business units within the EMEA region around information security matters, including:
    • The firm's global strategy
    • Emerging threats in the law sector
    • Security initiatives being carried out in other regions
    • Any other developments relevant to information security.
EMEA Regional Compliance and Policy Development
  • Assist in the development and maintenance of information security policies, standards, and procedures, ensuring that any EMEA region-specific concerns, policies, or procedures are incorporated into global information security policies (e.g., as an appendix).
  • Ensure compliance with any relevant local information security regulations (e.g., GDPR) and industry standards within the EMEA region, whilst aligning with standards followed by the global firm (to the highest extent possible) by staying up-to-date with changing and evolving regulatory requirements within the region.
  • Ensure that regional business units, IT, and information security staff are compliant with global policies.
  • Provide guidance and support to regional Partners and business units within the EMEA region on security-related compliance matters.
  • Develop and maintain regional security performance metrics and dashboards to track compliance, risk, and awareness levels, and report regularly to global and regional leadership.
EMEA Regional Support and Implementation
  • Support both global and regional information security teams where region-specific restraints block or create tensions in the delivery of initiatives or fulfilment of goals by:
    • Ensuring that relevant and legitimate regional concerns around initiatives are heard by global information security leadership in the firm.
    • Finding compromises or solutions which satisfy all parties and keep the firm secure globally.
  • Support the delivery of any region-specific information security initiatives or activities and ensure they are aligned with the firm's strategy, goals and objectives.
  • Advise regional Partner, Business, and IT stakeholders across the EMEA region regarding information security threats, overall risk levels, and emerging threats relevant to the firm at both regional and global levels.
  • Lead the identification, assessment, and mitigation of information security risks across business units within the EMEA region, maintaining a regional risk register and reporting key risks to the CISO and regional leadership.
  • Improve information security awareness across the firm's business units within the EMEA region.
  • Partner with HR and Learning & Development to deliver targeted security training and capability-building programmes across business units in the EMEA region.
  • Act as the regional escalation point for security incidents, coordinating with global incident response teams to ensure timely and effective resolution and post-incident reviews.
  • Support the assessment and monitoring of third-party vendors and partners of business units within the EMEA region to ensure compliance with the firm's information security standards and regulatory obligations.
Communication and Engagement for Global security transformation
  • Establish a stakeholder map and plan an appropriate cadence of engagement and proactively network and manage relationships supporting the CISO in building and maintaining trust and confidence amongst colleagues and stakeholders.
  • Effectively communicate the CISO's information security vision and purpose with impact and credibility, both in person and in writing by exploring new and innovative communications methods that respond to feedback and drive engagement and achieve continuous improvement.
  • Collaborate with the CISO and information security leadership to craft key security messages and develop a delivery plan tailored to target audiences and channels.
  • Collaborate with the firm's internal and external comms teams where relevant to shape, align, implement, and execute the CISO comms plan and activities.
Enable a high performing team for Global security transformation
  • Manage a broad range of support responsibilities essential for the smooth running of the function, whilst improving operational effectiveness and driving continuous improvement in information security processes and tools.
  • Set the cadence, direction, agenda and flow of information security meetings, facilitating effective ways of working.
  • Support the CISO in the design and implementation of transformation initiatives.
  • Support the CISO to instantiate key result indicators and key performance indicators for the team for both team and wider business use.
  • Support the onboarding of new joiners to the information security team and co-own the people and talent strategy for the team together with the CISO and Leadership Team to enable a consistent approach to staff development plans and learning journeys.
  • Work closely with the CISO and relevant people managers and HR colleagues to progress and respond to people matters, including workforce planning and recruitment.
  • Collaborate with the firm's local recruitment teams to support recruitment activities directly led by the CISO.