Head Of Information Security Supplier Assurance at Computappoint

• Job Location London Area, United Kingdom
• Seniority Director
• Type Full-time

Share on:

Description

Head of Information Security Supplier Assurance Organisation: Global Law Firm Location: Hybrid Working (2 days per week on-site Salary - £100,000 - £120,000 per annum The Organisation Our client is a distinguished global law firm operating across ten international offices, with an Information Security function that holds genuine strategic weight within the organisation.

The Information Security team maintains a comprehensive global remit, encompassing Security Operations, Governance Risk and Compliance (GRC), Identity Management, and Third-Party Security.

The Role We are seeking an accomplished Information Security professional to assume a senior leadership position within the Information Security team.

Reporting directly to the Chief Information Security Officer, this role carries significant accountability for the firm's supplier assurance framework and third-party security posture.

The successful candidate will be instrumental in sustaining the firm's ISO 27001 certification, developing and operationalising the Supplier Assurance Security Model, and ensuring the organisation delivers exemplary service to clients throughout due diligence processes.

This position requires both strategic vision and operational excellence, balancing technical rigour with stakeholder management at the highest level.

As a senior leader, you will build and develop a high-calibre team, establishing a centre of excellence for supplier assurance capabilities.

Principal Accountabilities Strategic Leadership Architect and embed a comprehensive Supplier Assurance Security Model aligned with organisational objectives Provide strategic intelligence to the CISO, including trend analysis, risk assessment, and actionable recommendations Establish and chair Supplier Assurance governance forums with senior stakeholders Third-Party Risk Management Oversee the complete lifecycle of third-party security assessments and vendor risk management Lead negotiations on Third-Party Security Schedules, ensuring robust contractual protections Evaluate and strengthen security provisions within commercial agreements Client & Stakeholder Engagement Manage client due diligence requests with professionalism and precision Deliver comprehensive responses to security questionnaires that reflect the firm's maturity and capability Build trusted relationships with internal and external stakeholders Compliance & Assurance Maintain evidence and documentation supporting ISO 27001 certification requirements Support internal and external audit activities from a supplier assurance perspective Ensure continuous adherence to regulatory and industry standards People Leadership Build, mentor, and develop a high-performing team with specialist supplier assurance expertise Foster a culture of continuous improvement, accountability, and professional excellence Provide coaching, performance feedback, and career development opportunities Essential Experience & Knowledge Substantial leadership experience in Information Security Supplier Assurance within a complex organisational environment Proven track record within medium to large legal, financial services, or similarly regulated sectors Comprehensive understanding of information security domains, including GRC, risk management, and security operations Demonstrated success in building and leading specialist teams to deliver strategic outcomes Strong grasp of ISO 27001 and security assurance frameworks Essential Competencies Exceptional leadership and people management capabilities, with evidence of developing high-performing teams Advanced negotiation skills with the ability to influence senior stakeholders and external vendors Outstanding written and verbal communication skills, capable of engaging technical and non-technical audiences Strategic thinking combined with attention to operational detail Strong business acumen and commercial awareness Desirable Qualifications Professional certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Auditor/Implementer Why This Opportunity This role offers a rare opportunity to join a forward-thinking Information Security function with genuine global reach and strategic influence.