Company: DLA Piper

Address: Birmingham, West Midlands
Form of work: Permanent
Salary: Competitive
Category: Banking

Job description

The role

The Senior Information Security Risk and Compliance Analyst will lead on identifying, reporting and acting upon Information Security risks.
They will also lead on directing and co-ordinating the response with other groups to help mitigate any threats and risks.
They will ensure security controls are operating effectively and in accordance with regulatory and legislative requirements. 

MAIN DUTIES AND RESPONSIBILITIES
We are looking for a business-focused and experienced Senior Information Risk and Compliance Analyst to join our growing team.

This is not a hands-on technical role; however, some high-level technical awareness is needed, as you will be working closely with Information Security Operations and IT teams.

Primarily, the activities you’ll be involved in include: 

  • Lead and coordinate all aspects of the Security Risk assessments including the tracking and remediation processes
  • Clearly document and define risks and potential impacts including mitigation proposals and provide recommendations, challenging where required
  • Manage and maintain the Information Security Risk Register and the risks within it
  • Lead and provide suggestions on decision-making and approvals around risks
  • Lead on creation of key risk management documentation for risk committee
  • Manage and develop independent risk reporting
  • Escalate risks as relevant to appropriate leadership
  • Lead regular risk forums, while also recording and publishing meeting minutes and actions
  • Lead on embedding compliance culture and risk awareness
  • Ensure the risk management policy and frameworks are managed, up to date and quality assessed
  • Train others including junior members of team on risk management and risk processes
  • Support the delivery of responses to client and business requests, including the completion of client and pitch questionnaires
  • Supporting all activities related to the maintenance of the Information Security control frameworks e.g. ISO27001
  • Support of internal and external audits 
  • Working alongside IT, collaborating closely with all other risk teams, 3rd party suppliers, procurement and other business teams where needed 
  • Any other duties defined by the Information Security Assurance Manager 

ABOUT YOU

  • Identification and management of Information Security risks; recommending cross business mitigation plans
  • Excellent knowledge of data security and risk management principles
  • Utilising risk management policies and processes to identify and analyse risk 
  • Writing policies/standards/procedures or other compliance documentation
  • Core IT infrastructure technologies and concepts
  • Excellent written and verbal communication skills

The ideal candidate should have excellent soft skills and understand how to communicate effectively within a large organisation and across various business departments.

Ideally, you will have a good knowledge of Information Security control frameworks such as ISO27001, ISO27005, NIST, COBIT and/or ISO31000, as well as an awareness of data privacy rules, e.g. the GDPR.

The ideal candidate may hold security certifications such as CRISC, CISA, ISO27001 Lead Auditor or ISO27001 Lead Implementer with other security certifications being beneficial.

The following characteristics are essential:

  • You will be a motivated team player with a flexible, adaptable approach to getting the job done
  • You’ll have previous experience in business facing/client facing roles within Information Security with the ability to act calmly under pressure
  • Be highly organised and self-motivated with genuine passion for Information Security governance
  • You’ll also be able to manage multiple tasks and projects at any one time
  • You will have excellent communication and collaboration skills, and have a pro-active approach
  • Have a desire to develop professionally (yourself and your colleagues)

Key Relationships:

  • Clients/Suppliers
  • Broader Risk and Compliance functions including external parties
  • IT teams across the international firm
  • 2nd and 3rd party auditors
  • Data Privacy team 
  • Procurement 
  • Client facing teams

ABOUT US
DLA Piper is a global law firm with lawyers and business service professionals located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific. Our global reach ensures that we can help businesses with their legal needs anywhere in the world. We strive to be the leading global business law firm by delivering quality, service excellence and value to our clients and offering practical and innovative legal solutions to help them succeed. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies, as well as government and public sector bodies.

OUR VALUES
In everything we do connected with our People, our Clients and our Communities, we live by these values:

  • Be Supportive – we are compassionate and inclusive, valuing diversity and acting thoughtfully
  • Be Collaborative – we are proactive, passionate team players investing in our relationships
  • Be Bold – we are fearless and inquisitive, challenging ourselves to think big and find creative new solutions
  • Be Exceptional – we are strategic and driven, exceeding standards and expectations

DIVERSITY AND INCLUSION
At DLA Piper, diversity and inclusion underpins how we live our values and everything we do. We believe that everyone has a voice, and that everyone’s voice counts. We know that the rich diversity across our firm makes us stronger, more innovative and creative, which helps us to better serve our clients and communities. We are committed to providing an inclusive working environment and culture across our global firm, where everyone can bring their authentic self to work.

Diversity of perspective, thought, background and culture combine to make us the leading global law firm; that’s why we actively seek to build balanced teams. We welcome the unique contribution that you will bring to our firm and actively encourage applications from all talented people – however your talent is packaged, whatever your background or circumstance and regardless of how you identify.

HYBRID WORKING
We recognise that people have responsibilities and interests outside of their career and that as a business, we all benefit from working flexibly. That’s why we are open to discussing with candidates the different ways in which we are able to support requests for agile working arrangements.

PRE-ENGAGEMENT SCREENING
In the event that we make an offer to you, and where local legislation permits and where relevant, we will conduct pre-engagement screening checks that may include but are not limited to your professional and academic qualifications, your eligibility to work in the relevant jurisdiction, any criminal records, your financial stability and work-related references.

Refer code: 3342826. Dla Piper - The previous day - 2024-05-15 17:38
