Information Security and Risk Specialist – Glasgow – up to £75K plus benefits (Hybrid working – 2 days a week in the Glasgow office)

This is an exciting and challenging permanent role with a leading global law firm in the UK. The successful candidate will be part of the team that focuses on the management of risk and assurance for Information Security and IT, and will work with stakeholders across the global business to develop and maintain the risk management and control frameworks.


Key Responsibilities:

  • Maintain an in-depth knowledge and understanding of the Information Security and IT risk management requirements and practices.
  • Lead the development and maintenance of the risk management framework for Information Security and IT, in accordance with company policy and in line with the enterprise risk management framework.
  • Work closely and build relationships with stakeholders in Information Security, IT, the global Risk department and across the wider business, to encourage and develop the processes required for the determination of appropriate risk appetite, identification and assessment of risk, the implementation of appropriate mitigation strategies and ongoing management, in accordance with the risk management policy.
  • Develop and manage the Information Security and IT risk register, ensuring that all identified risks are clearly recorded together with assigned owners.
  • Ensure that all risks are periodically reviewed and re-assessed.
  • Perform risk assessment activities as appropriate for larger projects, or where there may be significant transformation or change within the business affecting Information Security or IT.
  • Build and maintain relationships with the global Risk department to share best practice and to ensure that the risk management and control frameworks for Information Security and IT fully align with the enterprise risk management framework.


Essential Skills & Experience:

  • Proven experience of working in an Information Security and IT Risk Management role within a fast-paced environment.
  • Operational knowledge of risk management and international information security standards, practices, and risk management and control frameworks, e.g. ISO31000, IRAM2, NIST 800-53 and Cybersecurity Framework, ISO27001/2, COBIT, ISF SOGP, CPS-234, etc.
  • Strong organisational skills and the ability to handle multiple conflicting priorities.
  • Able to work to very tight deadlines under pressure and to assimilate information quickly.
  • Strong interpersonal skills including confidence, positivity, diplomacy and the ability to gain credibility quickly.
  • Excellent verbal and written communication skills, with the ability to explain risk concepts and technical terms in a way that non-technical people would understand.
  • Demonstrates attention to detail with a high level of accuracy.


This role is urgent in nature so please email your CV to or call 077 375 38 248 for more information.




  • Date Added: Monday, 8th January 2024
  • Closing Date: Saturday, 24th February 2024
  • Job Code: 134632
  • Contact: Mitesh Fatnani