Our Client
They are an international law firm with a focus on private capital at the intersection of personal, family and business.
Their ability to understand people makes then who they are. They work together to build deep and trusted relationships that deliver meaningful value to their clients. They do this with empathy, attention, and clarity. No jargon, no attitude. They know what matters.
Job Role
The role of the Security Analyst (GRC) will implement information security related tasks and focused on support and delivery, as advised and requested by the Head of Information Security (CISO). There are two streams of the organisational structure, Policy & Compliance and Operations. The skill set required for each is somewhat similar. However, will depend on what the candidate’s experience preference and aptitude, aligned to educational and professional qualifications.
Roles and Responsibilities
- Vendor security assessments in line with ISO27001, NIST, CIS, Cyber Essentials
- Policy updates / Risk management – tracking creation and review
- Maintain Information security awareness tool and reporting activity
- Maintain certification programmes and all coordination activity
- Create clear business presentations and organisation of documentation and policies.
- Arrange and support internal and external audit programme activity
- Document security breaches and assess the damage they cause and support the wider team
- Work with the security team and the wider IT team and external security partners to perform tests and uncover vulnerabilities and record and track for auditability and reporting
- Support remediation activity and vulnerability management to maintain a high level of security in line with information security best practice
- Maintain company-wide best practices policy for security / Network / Software / WIFI / Cloud / Messaging etc..
- Assist in performing penetration testing / Monitoring and recording Risk and assessment.
- Technical design authority & project review support
- Change delivery and security by design
- Security incident management and support
- Provide guidance for colleagues to understand information security best practice.
- Research security enhancements and make recommendations to management where necessary
- Stay up to date on information technology trends and security standards
- Comply with all relevant legal and regulatory obligations including the Solicitors Regulation Authority (SRA) Standards and Regulations, and Principles.
Qualifications and Experience
- Bachelor’s degree in computer science or related field
- Certified Information Systems Auditor (CISA), or ISO /IEC 27001 Lead Auditor or
- Implementer qualification with proven experience
- Experience coordinating Audit, Risk programmes
- Certified Information Systems Security Professional (CISSP) would be beneficial
- Experience in information security risk and compliance
- Experience with computer network penetration testing and techniques
- Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
- Ability to identify and mitigate network vulnerabilities and explain how to avoid them
- Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
- A background in working in GRC within technology, preferably within an Infrastructure or Application support / Audit role.
- Demonstrable experience facilitating IT Control audit activities. With Relevant IT Security or Information Risk
- Management qualifications (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)), or ISO Lead Auditor or Implementer qualification, would be advantages for the role.
- Experience working with large and extended Operational and Engineering teams
Person Specification
- Strong proficiency-in focused on delivering several highly complex information security, Audit, Risk or technical initiatives simultaneously.
- Strong collaboration skills and conflict management skills are a must
- Excellent written and verbal communication skill as well as business acumen and a commercial outlook is mandatory
- Excellent organisation and communication skills are mandatory
Competencies
- Working together
- Integrity and respect
- Inclusive
- Personal impact and growth
- Driving high standards
- Commercial mindset
- Client – centric
- Responsible Business
