Of course, knowledge of the law will not hurt an information security specialist, but it will not help much either. Well, unless you are lucky enough to settle down in a thick office, where there is a whole IS division and there is a division into specializations.
In general, IS is very similar to the administration - there are also "many-armed many-legged", and there are more of them in IS - even an office of medium thickness does not always allow itself to hire a separate IS specialist, and even more so several. There are also specializations. There is also some completely incomprehensible romanticization of the profession (although in fact, IB, especially if you are a multi-armed many-legged - it is somewhat reminiscent of the work of a sewer - you constantly have to deal with not the best aspects of human life). It's also full of dumb, unintellectual, repetitive work.
Well, besides, the IB-shnik usually controls the work of admins - that is, you need to know the work of the admin no worse than the admins themselves - otherwise they will frankly laugh at you :)

Everything is elementary.
In order to become an Information Security Specialist, one must first become an Information Technology Specialist. This is where you start.
And how - you choose. Options
- Second education, starting with a bachelor's degree. The most direct way.
- Self-education - practically from scratch. Everyone thinks they can do it. Yeah. Well, try it. Then you will tell how in what month you ran out of fuse.
- Courses. Not much different from the second, and in the absence of a base - even for the worse.
By and large, the second and third options can and should be considered as an additionto the first. Without the first, you will not be accepted into any serious office. No matter how brilliant you are - simply because in some "papers" (see below), such a requirement is written directly.
True, there is one role in IS - drawing up all kinds of pieces of paper, reconciliation of regulations, checking for compliance with laws and by-laws, and finally - subsequent verification of the compliance of realities with these pieces of paper. IT professionals hate this job with a fierce hatred, but for you, with your basic legal, it may suit. Try to get a job in some state office or bank for such a position. If, of course, it "warms".

If you don't have much time to study, it's better to finish your studies. Knowledge and a diploma can come in handy.
As already mentioned above, it is necessary to study IT-technologies. Those. you need to know how a computer works at all levels - from assembler and controllers to theoretical concepts. Moreover, you need to know this not thoroughly, but at least at the level of understanding how it works. For example, MeltDown cannot be understood without knowledge of assembler.
You need to know how networks work - also not thoroughly, but at the level of general ideas. Same at all levels.
And for this case - you need to know mathematics well.
Education can also be obtained at a university - but not in every way. Or in courses - but also far from everyone. Self-education is necessary in any case; if only because technology changes, so that knowledge becomes obsolete.

Option 3. The university will not give you the necessary knowledge, you will still need to educate yourself.