Company: Legal
Working pattern: Hybrid – 3 days in the office, 2 working from home.
Salary: £50,000 - £55,000
The Role
This is a new and exciting opportunity within the General Counsel & Risk team as part of our global Information Security and Data Privacy teams.
The individual will work closely with the UK and Australia-based teams in the following primary areas of responsibility, focusing on the UK, US and EMEA offices:
• Providing assurance to external stakeholders, including client information requests, external certification audits and client site audits.
• Supporting the maintenance and expansion of our ISO 27001 certification, in particular:
  • Preparing new and existing business units for certification.
  • Collating metrics in support of governance and continual improvement.
• Risk assessing new ways of working, alongside the Risk and IT teams.
• Assessing compliance with client-specific security requirements within the legal teams.
• Managing the ISMS tools, documentation and trackers.
• Supporting internal security audit activities.
• Supporting the delivery of the firm's global privacy programme.
• Day-to-day management of user-behaviour and data-leakage tools, and follow-up on their findings.
• Supporting the delivery and management of security and privacy education and awareness.
• Providing technical information security and privacy advice to the business.
• Ensuring security and privacy are built into the firm's data handling operations.
• Assisting with day-to-day operational issues and incidents.
• Building lasting and valuable relationships with internal stakeholders, especially Risk, IT, HR and of course lawyers.
• Monitoring evolving security and privacy risks together with associated laws and regulation.
Please note that this role is concerned with the governance, risk and compliance elements of general information security and privacy; it is not a technical IT/cyber security role, although a strong appreciation of IT and IT/cyber security concepts is required for the role to be successful.
Skills, Experience and Qualifications
• Degree educated (technical degree or similar).
• We would expect the successful candidate to have a minimum of 2 years' experience in information security and privacy, but may consider those with less experience provided they can demonstrate that they meet the required competencies.
• Strong knowledge of ISO 27001 and certification.
• Strong knowledge of global data protection requirements and legislation, especially those applicable to the UK and EMEA.
• One or more of the following (desirable): MSc in security or similar; CISSP; CISA/CISM; ISO 27001 Lead Auditor.
• Professional Services experience preferable.
• Ability to identify and analyse complex security risks and controls.
• Working knowledge of a broad range of security standards, control frameworks, applicable regulations and good industry practice.
• Adaptable, diligent and works with initiative.
• Strong relationship builder, both internally and externally.
• Experience working as part of a global team.