Cyber Security Lead
Thorntons Law LLP
- Edinburgh, Scotland, United Kingdom
- Edinburgh, Scotland, United Kingdom
About
At Thorntons Law, every moment matters. Join us as our Cyber Security Lead and you’ll feel inspired. You’ll feel connected. You’ll feel like you belong. And it all begins from the moment you join us.
That’s because we’ve created a different kind of law firm. Here, you’ll build relationships with clients and colleagues that really last. You’ll help shape what happens now, and what comes next. And we’ll support and encourage you to be the best you can be.
This is what life at Thorntons is all about. And this is your moment to be part of it.
*About the role*
At Thorntons, technology isn’t just a support function—it’s a strategic enabler of everything we do. As our Cyber Security Lead, you will play a critical leadership role in protecting the firm’s integrity, data, and digital future. You’ll lead our cyber security operations, drive continuous improvement across our security environment, and ensure threats are detected, managed, and responded to effectively while working in a collaborative, fast-paced environment. It’s about:
* Security Operations Leadership & Governance – leading cyber security operations across internal teams, outsourced SOC services, and specialist third parties; establishing clear operational approaches, priorities, and controls; and ensuring activities are aligned with wider IT, risk, and compliance frameworks while embedding a culture of accountability, collaboration, and continuous improvement.
* Threat Detection, Monitoring & Incident Response – overseeing day-to-day security monitoring and response activities; leading the relationship with our SOC provider to improve alert quality, automations, threat detection and escalation processes; coordinating incident response with a focus on rapid containment; and maintaining effective playbooks, communications, and operational resilience processes.
* Vulnerability Management & Security Tooling – leading the operational vulnerability management lifecycle, driving risk-based remediation with infrastructure and development teams, maintaining visibility of trends and remediation performance, and ensuring core security tooling and controls are configured, maintained, and continuously optimised.
* Policy, Reporting & Risk Management – partnering with senior IT leadership to provide clear, insight-led reporting on operational risk, incidents, trends, and control effectiveness; ensuring cyber risk is actively managed and reduced; maintaining robust documentation and governance; and supporting the confidentiality, integrity, and availability of firm systems and data.
* Stakeholder Engagement & Security Culture – acting as the operational point of contact for cyber security across the firm; working closely with IT, risk & compliance, business stakeholders, and third-party suppliers; supporting a positive security culture through training, guidance, and awareness initiatives; and promoting strong security-first behaviours across the organisation.
* Leadership & Continuous Improvement – managing and developing team members, mentoring junior colleagues, encouraging knowledge sharing and professional standards, and driving operational maturity through automation, standardisation, and continuous improvement initiatives.
*What you’ll need*
We’re looking for:
* Proven experience in cyber security operations, including threat monitoring, incident response, vulnerability management, and security operations within a regulated, risk-conscious, or operationally mature environment.
* Strong experience working with outsourced SOC providers and third-party specialists, driving service performance, operational quality, and continuous improvement.
* A deep understanding of security operations, governance, risk management, and common security controls and technologies, with the ability to apply confidentiality, integrity, and availability principles across all work.
* Strong analytical, investigative, and troubleshooting skills; someone who can think clearly under pressure, coordinate technical and non-technical stakeholders during incidents, and make structured decisions in high-pressure situations.
* The ability to communicate clearly: translating technical risk into business impact, providing insight-led reporting to senior stakeholders, collaborating across teams, and influencing positive security behaviours throughout the firm.
* Experience leading or developing people, including mentoring junior colleagues, building resilient operational capability, and fostering collaboration and continuous improvement within a team environment.
* Experience managing third-party consultants, suppliers, and security operations-related services.
* Solid qualifications: a degree in Computer Science, Information Security, or related; professional certifications such as CISSP, CISM, or equivalent security certifications are desirable.
* Bonus skills: experience with security tooling optimisation, automation, threat intelligence, forensic investigations, and security operations within the legal or professional services sector.
* Someone who brings not just technical expertise, but leadership, accountability, curiosity, and a real sense of ownership
* You’ll ideally be based in either Edinburgh, Glasgow, Dundee or Perth, with this hybrid role requiring at least 3 days per week in one of our offices. Occasional travel to our other office locations will also be required to support collaboration, stakeholder engagement, and operational delivery across the firm.
*Why this role*
* A chance to shape and lead security strategy in a large, ambitious law firm.
* Real responsibility from day one: your work will have visible impact on how we protect our clients, our people, and our systems.
* Exposure to cutting-edge tools and modern security practices.
* Supportive environment: collaborate with talented colleagues, learn from senior mentors, and develop your skills.
*What we offer*
We offer much more than just a competitive salary, and we’re committed to looking after our people in every way. Here’s just some of the benefits available:
*Benefits*
* 39 Days Annual Leave (includes 5 fixed public holidays)
* Contributory Pension Scheme with salary exchange
* Private Medical Insurance
* Critical Illness Cover
* Income Protection Cover
* Group Life Assurance
* Exceptional maternity, paternity, partner and adoption leave packages
* Assisted Conception & IVF Leave
* Health care cash plan to support everyday health expenses
* 24-hour wellbeing support
* Free Legal fees for moving home and life planning
* Cycle to Work Scheme
* Gym Discounts
* Retail Discounts
* Hybrid Working
*Professional development*
Access to a wide range of opportunities to build your expertise and advance your career, through courses, specialist accreditations, training, or business skills development.
*Belonging*
At Thorntons, we embrace diversity and are committed to creating a welcoming and inclusive workplace where everyone can thrive.
As a Disability Confident employer, we want to ensure that everyone has a positive experience when applying to join us. If you have a disability or are neurodivergent and need any adjustments during the recruitment process, just let us know — we’ll do everything we can to support you.
We work flexibly to meet the needs of our clients and our people. While not every role is the same, most offer a hybrid working pattern. We’ll work with you to agree the right arrangement that supports you, the role, and our clients.
*Make the moment matter*
If you’re looking for a career with a different kind of law firm, this is the moment to find out more - and apply.
Choosing the right company is about more than just the work—it’s about the people, the culture, and the opportunities to grow. At Thorntons Law, we’ve built something different. We’re one of Scotland’s largest and most respected full-service legal firms, but more importantly, we’re a firm that invests in you—your development, your ambitions, and your future.
* All you need to do is apply by 7th June and we’ll be in touch.
Work Location: Hybrid remote in Edinburgh EH12 5HD
Languages
- English
Notice for Users
This job comes from a TieTalent partner platform. Click "Apply Now" to submit your application directly on their site.