About the Role A leading City-based law firm is seeking an Information Security Analyst to enhance its cybersecurity framework. This role is responsible for managing and implementing security controls across Microsoft 365, endpoint security, network protection, and compliance with security standards. The successful candidate will play a key role in mitigating cyber risks, ensuring the firm's security posture aligns with industry best practices. About the Company This highly regarded law firm is known for its strong presence in the City and commitment to excellence in legal services. With a robust IT infrastructure, the firm places a high priority on information security, investing in cutting-edge technology and best practices to protect its data and operations. About You We are looking for an experienced security professional with a strong background in Microsoft 365 security, endpoint protection, and threat management. You should be highly organised, proactive, and capable of working across departments to maintain and enhance security protocols. Key Responsibilities Microsoft 365 and Endpoint Security Manage and enhance security controls for Microsoft 365, including conditional access, multifactor authentication, and identity protection. Configure and enforce endpoint security policies using Microsoft Intune to ensure device compliance. Administer mobile device security using MDM solutions. Act as the primary administrator for endpoint management tools (EDR) within security controls. Identity and Access Management Oversee the management of security certificates and Entra keys/secrets. Maintain the integrity of Active Directory, Entra, and other assets. Administer Public Key Infrastructure (PKI) and Virtual Private Networks (VPN). Projects and Compliance Lead and deliver security projects within agreed timeframes and budgets. Renew Cyber Essentials Plus certification annually, working with external assessors. Work with security audit suppliers to ensure compliance with security standards. Maintain security documentation and records for audit purposes. Supplier and Third-Party Management Manage relationships with suppliers and Managed Service Providers (MSPs). Assess third-party compliance with security standards and address risks. Maintain and review the firm’s information asset and risk register. Threat Management and Vulnerability Assessment Ensure log sources are configured and transmitting data to the SIEM platform. Monitor and manage vulnerabilities to protect organisational assets. Analyse threat intelligence and adjust security controls accordingly. Network and Data Security Conduct firewall policy reviews to protect against unauthorised access. Implement and manage email security protocols (SPF, DKIM, DMARC). Manage data loss prevention systems and ensure backup security. Oversee system patching and iOS updates. Collaboration Work with application and infrastructure teams to implement security measures. Provide guidance and escalation support to front-line IT teams. Collaborate with the Security Operations Centre (SOC) to monitor and manage risks. Key Technologies Microsoft 365 / Intune / Exchange Online / Teams Windows Server & Desktop Active Directory / Group Policy Email/Web Security Encryption / Cryptography PKI / VPN MDM / EDR Firewall Technologies IDS / IPS Backup & Recovery Technologies SOC / SIEM General Skills Strong organisational skills, attention to detail, and ability to manage workloads effectively. Excellent communication and interpersonal skills, with a professional and proactive approach. A commercial mindset and a commitment to providing high-quality internal IT services. Sound judgement and decision-making skills within defined boundaries. A team player with a positive attitude, reliability, and enthusiasm for information security. Cordless Resourcing is an equal opportunities employment business and agency. We assess applicants solely on their relevant skills, experience, and suitability for the role. No applicant will receive less favourable treatment based on sex, marital or civil partnership status, gender identity, pregnancy, maternity, race, nationality, ethnic origin, religion, belief, sexual orientation, disability, or age. This list is not exhaustive, and we are committed to promoting a fair and inclusive recruitment process.