Information Security & Compliance Lead

DLA Piper | Birmingham | Permanent

The role

The Information Security Compliance Lead is a key role with the firm’s Security Governance team and is responsible for ensuring security controls are operating effectively and in accordance with both regulatory requirements and client obligations.

The role will identify, report and act upon security control gaps and co-ordinate the response with control owners to help mitigate any threats to the firm and the data it manages.

They will lead the day-to-day management of the ISMS, ensuring records are kept up to date and all governance activities are being performed.

MAIN DUTIES AND RESPONSIBILITIES

The Information Security Team is responsible for ensuring compliance with information security controls, management policies and procedures that are a core component of the firm’s ISO 27001 certification.

The key areas of responsibility include (but are not limited to):

  • Conducting compliance audits and reviews to ensure compliance in accordance with ISO27001, and other standards
  • Ensuring the continuous embedding of ISO27001 Information Security Management framework and adherence to the standard
  • Conducting control testing as part of a continual programme of reviews
  • Continually looking for ways to improve security processes to better manage the firm’s ISMS and wider security controls
  • Supporting the firm’s Cyber Essentials Plus certification and performing regular compliance testing
  • Liaise with external and internal auditors engaged in certification, financial and operational audits conducted on the firm
  • Supports client audits and acts as subject matter expert for client questionnaires
  • Ensures policies and processes are in line with regulatory and client standards
  • Agrees risk and audit remediation action plans with appropriate cross functional owners ensuring mitigation is completed on time
  • Escalates significant risks or risk trends to appropriate leadership
  • Manages the internal security assurance audit schedule
  • Embeds compliance culture and risk awareness

ABOUT YOU

  • Experience of operating, monitoring and implementing security policies, standards and controls across multiple security control frameworks
  • Demonstrable understanding of information security controls and technology
  • Experience of working with security controls across cloud services
  • Experience of managing and auditing ISO27001 ISMS
  • Managing external audit activity and supporting internal audits
  • Good understanding of risk management

The ideal candidate should have excellent soft skills and understand how to communicate within a large organisation and with staff within the business. Several years’ experience in the security industry is a must and a good breadth of security knowledge is essential.

The following characteristics are essential:

  • Service minded
  • Ability to deliver in a global organisation with different cultural challenges
  • Must have a pro-active approach
  • Must have a methodical troubleshooting method
  • Initiative and ability to work under time constraints
  • The ability to cope with multiple tasks/projects
  • Excellent communication and collaboration skills
  • Organised and self-motivated
  • Genuine passion for Information Security
  • Desire to develop (themselves, their colleagues and their capabilities)

Key Relationships

  • Client Relationship Managers and Clients
  • IT and Security architects, project managers, engineers, analysts
  • IT Managers
  • Broader Risk and Compliance functions including Internal Audit, Data Privacy

ABOUT US

DLA Piper is a global law firm with lawyers and business service professionals located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific. Our global reach ensures that we can help businesses with their legal needs anywhere in the world.

We strive to be the leading global business law firm by delivering quality, service excellence and value to our clients and offering practical and innovative legal solutions to help them succeed. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies, as well as government and public sector bodies.

OUR VALUES

In everything we do connected with our People, our Clients and our Communities, we live by these values:

  • Be Supportive – we are compassionate and inclusive, valuing diversity and acting thoughtfully
  • Be Collaborative – we are proactive, passionate team players investing in our relationships
  • Be Bold – we are fearless and inquisitive, challenging ourselves to think big and find creative new solutions
  • Be Exceptional – we are strategic and driven, exceeding standards and expectations

DIVERSITY AND INCLUSION

At DLA Piper, diversity and inclusion underpins how we live our values and everything we do. We believe that everyone has a voice, and that everyone’s voice counts. We know that the rich diversity across our firm makes us stronger, more innovative and creative, which helps us to better serve our clients and communities.

We are committed to providing an inclusive working environment and culture across our global firm, where everyone can bring their authentic self to work.

Diversity of perspective, thought, background and culture combine to make us the leading global law firm; that’s why we actively seek to build balanced teams. We welcome the unique contribution that you will bring to our firm and actively encourage applications from all talented people – however your talent is packaged, whatever your background or circumstance and regardless of how you identify.

HYBRID WORKING

We recognise that people have responsibilities and interests outside of their career and that as a business, we all benefit from working flexibly. That’s why we are open to discussing with candidates the different ways in which we are able to support requests for agile working arrangements.

PRE-ENGAGEMENT SCREENING

In the event that we make an offer to you, and where local legislation permits and where relevant, we will conduct pre-engagement screening checks that may include but are not limited to your professional and academic qualifications, your eligibility to work in the relevant jurisdiction, any criminal records, your financial stability and work-related references.
