Information Assurance Officer (12 Month Fixed Term Contract)

Trowers & Hamlins is a City-led, international and national law firm with over 170 partners and 1000 staff. With offices across the UK, Middle East and Asia, we provide a full-service integrated offering.

Our clients operate in diverse industry sectors such as construction, transport and infrastructure, banking and financial services, distribution and logistics, education and health, hotels and leisure, defence, engineering and surveying, charities, retail and energy and natural resources. We also act for many high net worth individuals.

We are different and we believe it is our people that make us unique. We expect and respect that you and your talents are too. The truth is we don't prescribe who you are or how you ought to be. It's what you can do that interests us most.

While the work on offer is rewarding and often complex, the qualities we look for are simple. The ability to get on with people from all walks of life, for example. To talk and to listen. To develop the sorts of relationships that mean you win the friendship and loyalty of clients and colleagues alike. In short, to connect. These are the characteristics our people all have in common. They are vital, as is the drive and imagination to use your unique talents to the full. We will help you in this. In fact, we will support you in every way we can.

The Opportunity

The role holder will report to our Director of Information Services, work closely with our Information Services and Infrastructure team. Working as our Information Assurance Officer you will be a key influential member of our team, driving our information security and cyber security compliance and assurance capabilities that range from our internal data protection and information security requirements and those driven through our independent certification to industry frameworks (such as ISO 27001 and Cyber Essentials Plus etc). You will play a key role in responding to security incidents, client audits and ISO compliance. You will play a leading role in ensuring Trowers & Hamlins continues to manage its information assets in a secure and compliant manner, delivering continuous improvements and ensuring ongoing compliance with cyber accreditations, legal and UK Government requirements relating to security and data protection.

What you will be doing

Key responsibilities

• Supporting the design, develop and operation of our Integrated Information Security Management System (ISMS) and Security Programme in line with ISO 27001:2022 standards
• Developing documents and policies to implement, develop and enforce security requirements
• Working closely with Information Services and other departments on security and compliance projects
• Engaging, supporting, and facilitating any compliance and external audit requirements
• Liaising with various departments, external organisations, suppliers and clients on client tenders, client audits, information security audits and information security questionnaires
• Driving our compliance capabilities and our assurance internally and with our supply chain.
• Assisting with Cyber Essentials Plus accreditation, including preparation, self assessments and assisting with the audit process
• Supporting the maintenance, reviews and updates of our suite of security policies, standards, processes, procedures and guidance.
• Working across departments on supply chain due diligence for information security for new and existing suppliers. Conducting supplier audits and risk assess suppliers
• Responding to often complex queries on information security and cyber security in a timely manner.
• Participating in security investigations as needed. Including aiding and assisting investigations of security incidents, maintaining the firm's incident records and producing reports and lessons learnt relating to incidents.
• Working with business areas and stakeholders at all levels to drive process improvements with a view to improving compliance and/or preventing incidents.
• Supporting Information Security Risk Assessments and associated Risk Treatment activities. Review and update risk registers and attend risk meetings in line with ISO standards
• Working with colleagues providing guidance and support to teams across the firm to ensure that information assets are protected and used appropriately and ensure that senior management have the necessary assurance.
• Reviewing, publishing and updating firm guidance, resources and policies relating to information security on the firm's intranet to inform staff of their security responsibilities
• Assisting with development of training and awareness materials and communications concerning cyber security and information security.
• Contributing to the firm's security culture and reduce security and data protection risks.

What you will need

Preferred Qualifications:

• Professional certification ISO 27001 Implementer of ISO 27001 Lead Implementer required
• A relevant professional certification such as: CISM, CRISC, CISA etc, desirable.
• Education/Training qualification

Position Knowledge, Skills, and Abilities Required:

• Practical experience of working with ISO 27001 and Cyber Essentials Plus.
• A good understanding of the UK-GDPR, DPA’18, ISO 27001:2022, Cyber Essential Plus and associated security controls (technical, procedural, personnel and physical)
• Ability to prioritise workload and work well under pressure to meet deadlines and manage business expectations
• Understanding and experience of business and technical information security concepts including risk management, defence in depth, and accreditation demands
• Enthusiastic and flexible
• An ability to operate autonomously with minimum supervision – a self-starter
• Ability to maintain confidentiality of information
• The flexibility to work outside normal hours may be required from time to time
• Strong attention to detail with a methodical and logical approach
• Excellent communication skills, both written and verbal
• An effective and committed team player
• Ability to use initiative and apply common sense
• Ability to effectively handle and prioritise competing demands and work within deadlines
• Excellent verbal and written communication skills

As part of our firm recruitment policy our candidates are subject to employment screening background checks. These checks include personal details, education and employment history, professional qualifications and credit and criminal checks as appropriate.

Trowers & Hamlins is an equal opportunities employer and values diversity and inclusion. All applications will be considered on merit and the applicant's suitability to meet the requirements of the role and will be treated equally irrespective of Ethnicity, Gender (including Trans and non-binary) Race, Disability, Religion and sexual orientation.

If you require any further information on any of our vacancies or would like to discuss any adjustments or additional support that you might need either during the recruitment process or after the offer stage, please feel free to contact our recruitment team on recruit@trowers.com