
Information Security & Privacy Analyst - City of London

IT/Information/Cyber Security
Ref: 166 Date Posted: Saturday 22 Jul 2023
 
Company: Legal
Working pattern: Hybrid – 3 days in the office, 2 working from home.
Salary: £50,000 - £55,000
 
The Role
 
This is a new and exciting opportunity within the General Counsel & Risk team as part of our global Information Security and Data Privacy teams.
 
The individual will work closely with the UK and Australia-based teams in the following primary areas of responsibility, focusing on the UK, US and EMEA offices:
 
• Providing assurance to external stakeholders, including client information requests, external certification audits and client site audits.
• Supporting the maintenance and expansion of our ISO 27001 certification, in particular:
• Preparing new and existing business units for certification.
• Collating metrics in support of governance and continual improvement.
• Risk assessing new ways of working, alongside the Risk and IT teams.
• Assessing compliance with client-specific security requirements within the legal teams.
• Managing the ISMS tools, documentation and trackers.
• Supporting internal security audit activities.
• Supporting the delivery of the firm's global privacy programme.
• Day-to-day management of user behaviour and data leakage tools and follow-up.
• Supporting the delivery and management of security and privacy education and awareness.
• Providing technical information security and privacy advice to the business.
• Ensuring security and privacy is built into the firm's data handling operations.
• Assisting with day-to-day operational issues and incidents.
• Building lasting and valuable relationships with internal stakeholders, especially Risk, IT, HR and of course lawyers.
• Monitoring evolving security and privacy risks together with associated laws and regulation.
• Please note this role is concerned with the governance, risk and compliance elements of general information security and privacy; it is not a technical IT/Cyber Security role, albeit a strong appreciation of IT and IT/Cyber Security concepts is undoubtedly required for this role to be successful.
 
Skills, Experience and Qualifications
 
• Degree educated (technical degree or similar).
• We would expect the successful candidate to have a minimum of 2 years' experience in information security and privacy but may consider those with less experience providing they can demonstrate they meet the required competencies.
• Strong knowledge of ISO 27001 and certification.
• Strong knowledge of global data protection requirements and legislation, especially those applicable to the UK and EMEA.
• One or more of the following – MSc in security or similar; CISSP; CISA/CISM; ISO 27001 Lead Auditor (Desirable).
• Professional Services experience preferable.
• Ability to identify and analyse complex security risks and controls.
• Working knowledge of a broad range of security standards, control frameworks, applicable regulations and good industry practice.
• Adaptable, diligent and works with initiative.
• Strong relationship builder – internal and external.
• Experience working as part of a global team.