Three Crowns overview

Three Crowns is a leading international disputes firm. Founded over a decade ago by prominent practitioners who held senior leadership positions at major full-service firms, Three Crowns was purpose-built for excellence in international arbitration.

The firm has grown to over 180 professionals, including 19 partners, across offices in Dubai, London, Madrid, Paris, Singapore, and Washington DC. Three Crowns is ranked among the top two firms globally for international arbitration by GAR – the industry's benchmark publication – and is the only firm to hold Band 1 rankings across Chambers Global, Europe, France, and UK for international arbitration.

The role

Reporting the to the Director of IT, the Senior Infrastructure and Information Security Manager is a senior position within Three Crowns’ international IT team, responsible for the operational leadership of the firm’s technology infrastructure and cybersecurity program. This role oversees all day-to-day aspects of IT infrastructure (networks, servers, cloud services, and core legal applications) and ensures the protection of sensitive legal data and client information through robust information security measures. Working closely with the Director of IT, the role contributes to IT planning and leads on execution in the infrastructure and security domains, aligning initiatives with the firm’s overall IT strategy. As a key IT leader, this individual will also coordinate infrastructure and information security operations across all Three Crowns’ offices in London, Madrid, Paris, Singapore, Dubai and Washington DC, ensuring consistent, high-quality service excellence worldwide. Given the international nature of the firm, the role requires flexibility in hours, ability to accommodate cross-time-zone collaboration (including availability for after-hours emergencies) and travel internationally.

Key responsibilities:

The responsibilities of the Senior Infrastructure and Information Security Manager will include, but are not limited to:

• Oversee the firm’s IT infrastructure (networks, cloud, and on-premise systems) to ensure availability, performance, and scalability. Ensuring effective monitoring, capacity planning, and stable support delivery.

• Lead the design and operation of the firm’s information security framework and controls.

• Ensure appropriate protection of firm data through effective security technologies and processes.

• Maintain and enhance incident response and cybersecurity posture.

• Maintain compliance with data protection regulations and relevant standards, including ISO 27001 and Cyber Essentials (Plus).

• Manage client audits and security questionnaires. Oversee vendor risk assessments, security testing, and remediation activities.

• Manage contracts and SLAs, including oversight of MSP and SOC providers, ensuring performance and value.

• Deliver infrastructure and security projects (e.g., upgrades, migrations, deployments, office setups). Define scope, manage resources, and ensure delivery on time, within budget, and with minimal disruption.

• Support IT strategy and roadmap development for infrastructure and security. Identify improvement opportunities and prepare business cases and investment recommendations.

• Develop and maintain infrastructure and security policies and standards.

• Promote firm-wide adherence and security awareness.

• Maintain accurate technical and control documentation.

• Oversee disaster recovery and technical business continuity planning.

• Regularly test recovery capability and ensure alignment with ISO 27001 and client requirements.

• Ensure consistent infrastructure and security standards across all offices.

• Harmonise deployments and support global operations, including cross-time-zone coverage.

• Lead and develop the Infrastructure and Information Security team.

• Set objectives, manage performance, and support ongoing professional development.

• Partner with legal, business services, and Risk teams to support secure and reliable operations.

• Ensure infrastructure and security initiatives align with business needs and minimise disruption.

• Support budgeting and financial oversight for infrastructure and security. Monitor spend and identify efficiencies and investment priorities.

• Report regularly on infrastructure performance and cybersecurity posture.

• Provide updates to leadership and governance forums, including significant incidents and achievements.

• Act as escalation lead for critical IT and security incidents. Provide out-of-hours support where required.

Skills and knowledge

• 10+ years’ IT experience, including senior responsibility for infrastructure and/or cybersecurity.

• Proven track record managing complex IT environments and delivering technology projects.

• Experience in a law firm or professional services environment preferred.

• Strong expertise in enterprise networking and systems administration (LAN/WAN, Wi-Fi, servers, storage).

• Hands-on experience with Microsoft technologies including Windows Server/11, Active Directory, Entra/Azure AD, Microsoft 365, and Intune.

• Experience architecting and supporting secure Microsoft Azure environments, including identity, device management (Autopilot), and remote access solutions.

• Strong understanding of cybersecurity operations, risk management, and incident response.

• Experience managing enterprise security tools (firewalls, IDS/IPS, endpoint protection, email security, monitoring).

• Knowledge of security best practices, risk assessments, ISO 27001, and relevant data protection regulations (e.g., GDPR).

• Familiarity with legal technology platforms (e.g., iManage, Aderant, Intapp, BigHand, Workshare, InterAction) advantageous.

• Awareness of enterprise and legal GenAI tools preferred.

• Proven leadership and team management capability, including mentoring distributed teams.

• Ability to communicate technical concepts clearly to senior stakeholders and end users.

• Confident in high-level discussions and effective under pressure.

• Strong project delivery capability across multiple concurrent initiatives.

• Familiarity with structured service management practices (e.g., ITIL).

• Effective documentation and continuous process improvement skills.

• Strong client-service mindset.

• High integrity, discretion, and attention to detail.

• Adaptable, resilient, and proactive.

• Forward-looking approach to technology and security improvement.

Certifications

The below certifications would be a plus. Three Crowns is committed to continuous learning amongst our people and as such would support this role in attaining and maintaining these certifications:

• CISSP (Certified Information Systems Security Professional) or equivalent security management certification.

• Microsoft Azure certifications (such as Azure Solutions Architect, Azure Security Engineer, or Microsoft 365 Certified Enterprise Administrator) to demonstrate cloud expertise.

• ITIL certification for IT service management; and qualifications related to ISO 27001 (e.g., ISO 27001 Lead Implementer or Auditor).

• CISM/CISA (Certified Information Security Manager/Auditor), GIAC security certifications, or Microsoft Certified Cybersecurity Architect would also be beneficial.