IT Security Officer

About the Role

As IT Security Officer at Workman LLP, you will play a critical role in safeguarding the firm’s information assets, systems, and data across the organisation. Reporting into the Director of IT, you will be responsible for defining, implementing, and maintaining the firm’s information security framework, ensuring confidentiality, integrity, and availability of all technology services.

This role combines strategic oversight with hands‑on delivery. You will work closely with IT, compliance, and business stakeholders to identify and mitigate security risks, ensure compliance with awarded accreditations, and continuously improve the firm’s security posture. The IT Security Officer will act as a trusted advisor to the business, balancing robust security controls with the operational needs of a professional services environment.

Key to your success will be staying ahead of emerging cyber threats, driving security awareness across the firm, and ensuring Workman LLP remains resilient against cyber incidents. This is an excellent opportunity for a security professional who enjoys ownership, influence, and the chance to make a measurable impact in a respected LLP.

• Develop, implement, and maintain Workman LLP’s information security policies, standards, and procedures to protect firm and client data
• Act as the subject matter expert for information security, advising IT teams and the wider business on security‑related matters
• Identify, assess, and manage cyber security risks, ensuring appropriate controls are in place and regularly reviewed
• Monitor security threats and vulnerabilities, maintaining oversight of incident detection, response, and remediation
• Lead and coordinate responses to security incidents, including investigation, reporting, and lessons‑learned activities
• Ensure compliance with relevant regulations and standards, including data protection legislation and recognised security frameworks
• Work closely with Compliance and business stakeholder to support audits, assessments, and client security questionnaires
• Deliver security awareness and training initiatives to promote a strong security‑first culture across the firm

• Proven experience in an information security, cyber security, or risk‑focused IT role
• A strong understanding of information security principles, risk management, and security best practice within a professional services or regulated environment
• Ability to assess risk pragmatically and implement proportionate, business‑aligned security controls
• Experience developing and maintaining security policies, standards, and procedures
• Confidence in responding to and managing security incidents, including investigation and remediation
• Knowledge of relevant standards and frameworks such as ISO 27001, Cyber Essentials, GDPR, and NIST/SOC2 Framework
• Strong communication skills, with the ability to explain security risks clearly to both technical and non‑technical audiences
• A proactive mindset, staying informed on emerging threats and continuously improving security capability
• Strong organisational skills, with the ability to manage priorities and work independently
• A collaborative approach, building trusted relationships across IT and the wider business

At Workman LLP, trust is fundamental to our operations. In this role, the primary focus is on safeguarding clients, colleagues, and sensitive information through carefully considered and proportionate security measures.

We prioritise a proactive and pragmatic approach, ensuring that risks are anticipated, resilience is enhanced, and business operations are supported rather than hindered. Equally essential is fostering collaboration by working transparently with teams throughout the firm and communicating effectively, thereby promoting an organisation‑wide understanding and commitment to security.