Rodeo
ResourcesPartnersSign in

Winston Taylor

Information Security Manager

London
Posted about 1 month ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

About Winston Taylor

At Winston Taylor, we set the standard, together.

Winston Taylor is a transatlantic law firm built for the businesses, people, and markets driving capital and innovation. Here, you're in the room. In the action. Sleeves rolled up.

You'll work with leading clients. Disruptors. Fast-growth companies. And help them to stay one step ahead of the moment and make critical decisions that shape their future. We're present in the U.S., U.K., Europe, Latin America, and the Middle East, combining the scale and speed that clients demand.

You'll be trusted with real responsibility from the outset and build experience through hands-on work. We take your progression personally. We provide the platform. You shape the work around your goals and aspirations.

Step into the moments that matter. Join Winston Taylor.

Information Security Manager

Position Summary

The Firm seeks an experienced Information Security Manager to lead our security strategy, operations, and dedicated team. The successful candidate will work closely with the Chief Information Security Officer, overseeing all aspects of information security across our U.K. and global offices. This leadership role is critical in ensuring effective protection of the firm’s technology assets, client data, and business continuity.


Responsibilities

Strategic Leadership
  • Develop, implement, and communicate a comprehensive information security strategy aligned with the firm’s business objectives and risk appetite.
  • Oversee continuous improvement of policies, standards, procedures, and controls for all offices.
Team Management
  • Lead, mentor, and develop a high-performing security team.
  • Set objectives, manage workloads, and foster professional growth within the team.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Security Operations
  • Oversee operations including threat monitoring, vulnerability management, access controls, endpoint security, and incident response.
  • Maintain robust cyber resilience measures across on-premises and cloud environments.
Compliance and Risk Management
  • Ensure compliance with GDPR, SRA requirements (for legal sector), ISO 27001/2 standards, and other applicable regulations across all jurisdictions.
  • Manage internal/external audits and regularly assess current risks; report findings to senior management.
Stakeholder Engagement
  • Collaborate with partners, business services, fee earners, and global office teams to embed a culture of security awareness.
Incident Management
  • Act as an escalation point for major incidents; coordinate response efforts.
  • Conduct post-event reviews and update disaster recovery/business continuity plans accordingly.
Project Management
  • Provide strategic input on firmwide technology projects, ensuring secure design principles are adhered to from inception through delivery.
  • Deliver information security projects and initiatives.
Responding to Client Security Questionnaires
  • Coordinate responses to client security questionnaires by gathering accurate information on the firm’s policies, controls, and practices.
  • Liaise with relevant stakeholders—including risk/compliance teams—to ensure timely, accurate responses that meet client expectations.
  • Maintain up-to-date records of standard responses and required evidence during due diligence or ongoing panel reviews.
Business Process Management (BPM) Support
  • Support BPM initiatives by assisting in documentation, analysis, and continual improvement of core business processes—especially those relating to information security or compliance.
  • Work cross-functionally to ensure process maps are current and contribute expertise on secure workflows within operational improvements.
  • Monitor regulatory changes relevant to BPM/security processes, ensuring documentation remains aligned with best practice.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job
Reporting
  • Regularly brief the Chief Information Security Officer/executive board on:
    • Key metrics
    • Risk posture
    • Incidents
    • Progress against strategic objectives (including client security questionnaire and BPM developments).

Experience, Skills, and Qualifications

Essential Qualifications and Experience
  • Significant experience in a senior Information Security role within legal/professional or financial services.
  • Practical knowledge of U.K./E.U./international regulatory frameworks (GDPR/SRA, etc.).
  • Proven experience leading/managing technical teams in multi-jurisdictional contexts.
  • Technical expertise across:
    • SIEM platforms
    • Cloud security solutions (Azure/AWS)
    • Endpoint protection suites and other relevant tools.
  • Track record in managing incident response and disaster recovery processes within complex environments.
Desirable Skills and Certifications
  • Professional certifications such as CISSP, CISM, CISA, or equivalent strongly preferred.
  • Experience supporting law firm technologies, such as:
    • Document/Case Management Systems (DMS/PMS)
    • Tools like iManage/Workshare
  • Strong interpersonal communication skills, comfortable engaging at partner/board level as well as technical teams.
Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Information Security
Team Management
Cyber Resilience
Incident Response
Compliance
Risk Management
Stakeholder Engagement
Project Management
GDPR
ISO 27001
Cloud Security
Endpoint Protection
Vulnerability Management
Threat Monitoring
Disaster Recovery
Communication

Location

London, England, United Kingdom

Sign up to applySee more jobs like this