
Open position


Chief Information Security Officer (CISO)

Pérez-Llorca is looking for a CISO for its offices in Madrid.

Join Pérez-Llorca, a leading law firm in the Iberian Peninsula, where you will be able to accomplish all the goals you set for yourself. With more than 500 professionals, we offer comprehensive advice on Spanish, Portuguese and European law with offices in Barcelona, Brussels, Lisbon, London, Madrid, New York and Singapore.

 

The CISO's mission will be to accompany the firm in its digital transformation process. The CISO will be responsible for leading the cybersecurity strategy, projects and processes, both for the current and future national and international offices and headquarters. Pérez-Llorca is undergoing a major transformation programme and sees technology moving from a support function to a key business enabler in a market that is moving towards more digital and data-driven technologies. As such, this role will form a key part of the leadership team within the company’s IT function.

 

As part of this transformation programme, Pérez-Llorca considers it vital to maintain high security standards given the nature of the business of a law firm with an international footprint.

 

Responsibilities:

  • Together with the CIO, formulating the cybersecurity strategy, basic principles (e.g. zero trust) and information security policy.
  • Conducting a comprehensive assessment of the security and compliance of the firm’s IT systems, promoting internal controls, audits and reporting.
  • Assessing and managing the security of suppliers and third parties, always ensuring the security of information in the supply chain. Collaborating with cross-functional teams to ensure the secure design, development, implementation and maintenance of systems and applications.
  • Establishing incident response plans, responding to security incidents, investigating breaches and coordinating recovery, including coordinating with the SOC.
  • Designing, prioritising, implementing and monitoring security services for operational and/or non-operational purposes (e.g. SOC, I&AM) in accordance with the firm’s appetite for risk.
  • Supporting legal, HR, or other internal or external areas in investigations of information systems, e.g. searches related to fraud or other misconduct.
  • Communicating and promoting cybersecurity training and awareness in information systems.
  • Participating in the design of IT services to ensure that solutions are secure.
  • Coordinating the monitoring of information systems in all aspects of cybersecurity, e.g. analysing network traffic and searching for anomalies.
  • Actively participating in the firm’s AI committee.
  • Coordinating the firm’s ISO27001 certification, and any cybersecurity related audits.
  • Coordinating responses to our clients’ requests for information on our security levels.
  • Coordinating the implementation of disaster recovery plans based on the firm’s BIA.
  • Leading the coordination and consolidation of IT risk analysis and management.
  • Advising the firm on data protection (GDPR and related policies) in all countries.

Minimum requirements:

  • Degree in Information Technology or a related field
  • Fluent English
  • Three years of experience in a similar role
  • Relevant certifications: CISSP, CISM, CEH or ISO 27001 Lead Auditor
  • Strong knowledge of cybersecurity frameworks: MITRE, CRISC, CISM, MCRA, NIST, among others
  • Strong generalist IT background including IT infrastructure, architecture, network protocols, e.g. firewalls, antivirus, identity and access management tools, directories (LDAP, Active Directory, DNS), databases, networks, port and vulnerability scanners, GRC tools, public key infrastructure, cryptography, intrusion detection/prevention systems, security information and event management (SIEM) solutions, etc.
  • Excellent knowledge of outsourced service management as well as writing RFPs.
  • Knowledge of best practices in (web) application programming security (OWASP).
  • Experience in service delivery in a service management environment under the ITIL framework.
  • Experience in the design, documentation and implementation of cyber security processes/procedures.
  • Excellent communication and presentation skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
  • Empathy
  • Open to potentially taking on other functions within the scope of IT services.

Other requirements:

  • Being a chartered member of a recognised professional body, e.g. ISACA.
  • IT service management qualification, e.g. ITIL Foundation.
  • ADKAR methodology
  • Knowledge of Azure services.
  • Project Management Certification (PMP, Six Sigma).
  • Knowledge of best practices in (web) application programming security (OWASP).

 

 

At Pérez-Llorca we advocate equal opportunities for people who apply for vacancies at the firm regardless of their sex, race, age, nationality, marital status, political or religious beliefs, sexual orientation or family and/or personal situation. We are committed to talent without labels and we want to contribute to the creation of stable and quality employment, without any bias in the selection processes.

Madrid