Information Security Officer / InfoSec Compliance Analyst – Access Governance, Risk, Compliance; Security Controls Testing, Access Certification Audits, Reporting, Metrics; Development and Implementation of Security Controls; CISM, CISSP, CySA+, CASP+ etc; ISO 27001, NIST, Cyber Essentials Plus.

London / Remote (Hybrid 3 Days Per Week In Office).

GBP60k – GBP70k + Bonus + Benefits

Prestigious Global Law Firm seeks an Information Security Officer / InfoSec Compliance Analyst to undertake risk assessments, access certification audits and security assessment testing to evaluate and ensure that the firm operates within the IT security compliance parameters of both industry best practice and regulatory compliance requirements. You will play a dual role in both the risk assessment work and the development of the IT InfoSec / CyberSec policies and security controls required to ensure that internal systems meet these standards.

This is a mid-level Information Security Officer / InfoSec Compliance Analyst role which will require an individual both to work on their own initiative in terms of risk assessment testing and to support the work of senior Information Security Officers within the team to develop security controls. You will evaluate compliance with key security policies and ISO requirements, document variations for remediation and generate actionable metrics for leadership review. Following this, the successful candidate will identify and support the creation of policies and procedures to improve compliance processes.
Finally, you will manage the IT security risk register and findings, and manage updates as appropriate in line with incident management and developments in policy.

We are searching for an Information Security Officer / IT Security Analyst / InfoSec Officer / IT Auditor / CyberSec Compliance Analyst who can bring procedural security knowledge, experience of audits and experience of implementing security procedures and controls within best practice frameworks, in either business or public sector environments. You will be an Information Security professional who holds certifications ranging from CySA+, CASP+, CISSP, Security+, CISA, CISM, and may have some exposure to frameworks such as ISO 27001 or NIST. You will be familiar with undertaking a range of security audits (such as access certification audits, IT risk assessments, perimeter defence testing etc) and providing guidance and advice to both technical and business stakeholders alike. You will be familiar with a range of tools such as SailPoint, Tenable, MS Security Suite and others.

Excellent organisation and communication skills are a prerequisite. Degree-level education preferable but non-essential.

Excellent opportunity to join a well-renowned, international Law Firm during a time of exciting growth and corporate development.