Head of Information and Cyber Security

The Law Society

Welcome

At the Law Society, we have a rich history stretching back 200 years to 1825. Throughout that time, as the independent professional body for solicitors in England and Wales, we have worked hard to promote the value of the profession, protect the justice system and support our members.

Today, our 400 employees and 400 dedicated volunteers serve a community of 200,000 members. This year marks a significant milestone: we celebrated our bicentenary and achieved Gold accreditation from Investors in People, reflecting our commitment to being an employer of choice for those who want to make a difference.

With the launch of our new three-year strategy, we are driving a transformation in technology delivery and management to align with our strategic goals. These newly created roles will be pivotal in shaping that change and fostering a member-centric approach—anticipating needs, enhancing capabilities, and making the Law Society an exceptional place to work.

Our teams work relentlessly on all kinds of projects, both large and seemingly small, but all crucial to our members and achieving our ambitions. The scale and complexity of our work behind the scenes can be surprising – for a small organisation we cover an unexpected breadth of activity.

It really is a privilege to work on so many fascinating issues, and to do so with so many passionate and motivated people across our staff and volunteer communities. Our greatest strength comes from the diversity of experience, expertise and skills of our people – all pulling together towards our collective goals.

We wish you every success with your application and look forward to welcoming the successful candidates to help us achieve our ambitions for the future.

Kate Evans
Executive Director - Technology & Change

About The Law Society

We are the professional body for solicitors in England and Wales.

Founded in 1825, our mission is to promote, protect and support solicitors, the rule of law and access to justice.

We promote the value of the profession and champion the £60 billion contribution the legal sector makes each year to the UK economy.

Our members are at the heart of all we do. We amplify the powerful collective voice of more than 200,000 solicitors with diverse experiences and backgrounds, advocating on the issues that matter to our members most.

Our Governance

We’re governed by our Council, supported by our Board and committees with invaluable contributions from our wider elected and appointed members who help set our strategic direction.

Our Council is supported by the Board and several committees, including:

  • Policy and Regulatory Affairs Committee.
  • Membership and Communications Committee.
  • Finance and Investment Committee.
  • People and Remuneration Committee.
  • National Board for Wales.

Our Board

The Board is responsible for:

  • Overseeing the effective implementation of our strategy and business plan, as set by Council.
  • Dealing with financial matters and risk management on behalf of Council.
  • Recommending approval of the budget to Council.
  • Making sure the Law Society is well governed.

The role

Head of Information and Cyber Security (AQ3417)

JOB DESCRIPTION

Directorate: Corporate Strategy and Performance
Department: Technology and Change
Team: XXXXXXXXXXXX
Grade: Senior Specialist / Leader B
Reports to: Executive Director – Technology and Change
Line management responsibilities: Yes
Location: London

Role overview

The Head of Information and Cyber Security provides strategic leadership of The Law Society’s security approach and posture, ensuring information, systems and services remain secure, resilient and compliant, whilst enabling the organisation to achieve its objectives.

As the most senior dedicated security leader, the role defines and delivers the security roadmap, manages enterprise-wide information and security risk and develops and embeds an effective security culture across the Law Society. Reporting into the Executive Director of Technology & Change, the Head of Information and Cyber Security acts as a trusted adviser, translating complex risks into clear business terms and ensuring the organisation remains both secure and agile.

In addition to security risk, the role leads IT risk management for the Technology & Change function, coordinating the risk register, control testing and executive reporting in partnership with Risk & Compliance.

Core duties of the role

The post holder will:

Leadership & Strategy

  • In collaboration with the Executive Director for Technology and Change, define and deliver the organisation-wide security strategy and roadmap, ensuring measures and controls are in place to keep the organisation secure whilst enabling business goals to be delivered.
  • Align our security work to appropriate standards, e.g. ISO 27001, NIST, Cyber Essentials Plus and ensure effective implementation and continuous improvement.
  • Effectively lead, develop and manage the security team, setting clear direction and priorities.
  • Work as part of the leadership of the Technology and Change department, modelling and developing strong leadership and management practices with an emphasis on creating ‘one brilliant team’ and ‘one effective way of working’ across the department.

Strategic Alignment

  • Ensure the organisation’s internal security strategy supports the Law Society’s wider mission to help solicitors and member firms adopt technology securely.
  • Work effectively with a broad range of colleagues to align internal security policies and practices with external guidance offered to members, ensuring credibility and consistency.
  • Contribute security expertise to initiatives that increase cyber resilience across the legal sector.
  • Stay engaged with developments in cyber security regulation and policy, supporting the Society’s advocacy role with government, regulators and professional bodies.

Governance, Risk & Assurance

  • Establish and oversee policies, frameworks and assurance processes, including audits and risk assessments.
  • Lead the Technology & Change IT risk framework and register (security and broader IT risk), with clear thresholds, KRIs and treatment plans.
  • Assess and manage security risks, balancing protection with agility.
  • Monitor evolving laws, regulations and sector standards to keep the Law Society compliant and resilient.

Executive Engagement & Risk Translation

  • Present complex IT & security risks in clear, accessible and business-focused terms.
  • Provide regular updates and recommendations that are reliable and well informed to senior leadership and the Board.
  • Act as a trusted senior adviser on all security matters.

Operations & Oversight

  • Oversee operational security activities (monitoring, incident response, vulnerability management) delivered by analysts and suppliers.
  • Ensure security architecture and controls are embedded in projects and services.
  • Lead the organisation’s response to major incidents. Own cyber incident response; partner with IT Operations for IT disaster recovery and wider service restoration.

Culture & Awareness

  • Champion a strong security culture across the organisation.
  • Deliver effective and impactful training and awareness campaigns across the Law Society that promote secure behaviours.

External & Supplier Engagement

  • Effectively manage relationships with regulators, auditors and external partners.
  • Oversee supplier security assurance and managed services.

Budget & Resources

  • Ensure effective investment in tools, people and suppliers.

PERSON SPECIFICATION

Criteria (knowledge, skills and attributes) 

  • Proven track record in leading enterprise-level information security functions or programmes (Head of, Deputy CISO, or equivalent). Assessed by Interview
  • In-depth knowledge and practical implementation of information security governance, risk management, compliance and regulatory frameworks (ISO 27001, GDPR, Cyber Essentials, NIST). Assessed by Interview
  • Demonstrable ability to balance security risk with business agility, using a pragmatic, risk-based approach. Assessed by Interview
  • Experience in developing and embedding a cross-organisation security awareness culture. Assessed by Interview
  • Strong grasp of cloud security (Azure, M365), data protection, identity & access management and modern security tooling. Assessed by Interview
  • Relevant understanding and exposure to AI, automation and emerging technology risk management. Assessed by Interview
  • Demonstrable experience in security operations and incident response at leadership/oversight level. Assessed by Interview
  • Strong knowledge of business continuity, disaster recovery and operational resilience frameworks. Assessed by Application Form
  • Good experience designing and managing security assurance and audit programmes. Assessed by Application Form
  • Skilled at presenting complex risk issues in clear, business relevant terms to senior leaders and non-technical stakeholders. Assessed by Application Form
  • Excellent influencing, communication and negotiation skills, with experience advising senior leadership, boards and regulators. Assessed by Interview
  • Experience leading and developing engaged and high performing teams, including Analysts and third-party security providers. Assessed by Application Form
  • Strong analytical, strategic thinking and decision-making skills. Assessed by Application Form
  • Recognised security certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Auditor). Assessed by Application Form
  • Active participation in security professional networks or industry groups. Assessed by Application Form
  • High level of initiative, with a considered and balanced approach to problem solving and decision-making. Assessed by Application Form
  • Able to demonstrate the ability to work flexibly and motivate others to do so, in times of change. Assessed by Application Form
  • Able to plan, organise and prioritise work during busy periods whilst maintaining a positive can-do approach. Assessed by Application Form
  • Able to manage own wellbeing during busy and demanding periods at work, with support from the Law Society as appropriate. Assessed by Application Form
  • A proactive approach to supporting a respectful and welcoming environment at the Law Society. Assessed by Application Form

Terms of appointment

This is an excellent opportunity to work in an organisation which has recently achieved gold accreditation from Investors in People in recognition of its work over the last few years focusing on being an employer of choice for people who want to make a difference.

You will join an organisation with a reputation for excellence, commitment to EDI, development and wellbeing, and a culture of clarity, trust, and respect. We offer hybrid working, a generous flexible benefits package, a positive working environment and the opportunity to develop your career within a professional organisation.

Annual leave

  • Full-time staff get 25 days of annual leave, in addition to public holidays. This increases to:
    • 27 days after two years’ service
    • 30 days after five years’ service
  • If you’re a part-time employee, the allowance is calculated pro rata based on your contracted hours.

Pension (DC Scheme)

  • Defined contribution (DC) schemes are occupational pension schemes where your own contributions and your employer’s contributions are both invested.
  • Employees can join the pension, including the salary sacrifice pension scheme, at any point in the year.
  • We contribute two times our employees’ contributions up to 3.5% of your notional base pay, and one and a half times any contributions you make between 3.5% and 7%.
    • Notional pay is your salary before salary sacrifice.
    • If you contribute 7% of your notional base pay, our contribution will be 12.25%.
    • If you contribute more than 7%, our contribution will remain at 12.25%.

Flexible allowance

  • You can take an additional 3% of annual basic salary (non-consolidated, non-pensionable) as income, paid monthly, or use it to buy additional benefits.
  • You can only buy additional benefits after you complete your probation.
  • The benefits purchase window opens once a year for you to make your selections.

Life assurance

  • You’re covered for a lump sum life assurance cover of four times your notional base pay if you die while working at the Law Society, up until the age of 75.

Private medical insurance

  • Eligibility for this taxable benefit is dependent on length of service and pay grade.

Health screening

  • All staff are eligible for this tax-free benefit after they’ve completed two years of employment.

Season ticket loan

  • A season ticket loan of up to £8,000 is available after you complete your probation.

Help with professional development

  • Providing certain conditions are met, we offer:
    • study leave of up to 5 days in a 12-month period to support longer-term programmes of study and sitting exams
    • funding of up to £2,000 and assistance with buying essential materials
    • books of up to £200 per year

Maternity leave

  • You can take up to 12 months’ absence while on maternity leave.
  • The payment amounts during this time vary depending on your length of service.

Paternity leave

  • You’re entitled to two weeks’ ordinary paternity leave.
  • You can take additional leave of up to 26 weeks, provided certain conditions are met.

Childcare allowance

  • Employees returning from maternity, paternity or adoption leave are eligible for a supplementary allowance of £200 per month for a period of six months.

Health club membership

  • We offer subsidised health club membership after you complete your probation. This is a company-funded and taxable benefit.

Please note: if you are an internal applicant, Pay Policy will apply.

How to apply

Anderson Quigley is acting as an advisor to The Law Society. An executive search process is being carried out by Anderson Quigley in addition to the public advertisement.

The closing date for applications is 1 February 2026.

Applications should consist of:

  • A full CV.
  • A covering letter (2 pages of A4) outlining your motivation and details of how you meet the qualification, skills and experience criteria of the person specification.
  • Please include details of two referees in your CV, though please note that we will not approach your referees without your prior consent and only should you be shortlisted.

Should you wish to discuss further details about the role in strict confidence, please get in touch with Grace Tattersall at grace.tattersall@andersonquigley.com or +44 (0)7510 384 761.