Company

Norton Rose Fulbright LLP

Address: Newcastle upon Tyne, Tyne and Wear
Form of work: Permanent
Salary: Competitive
Category: Banking

Job description

Practice Group / Department:

IT Security

We're Norton Rose Fulbright – a global law firm with over 50 offices and 7,000 employees worldwide. We provide the world's preeminent corporations and financial institutions with a full business law service. As well as the relevant skills and experience, we're looking for people who are innovative, commercial and value the work that they do. To attract the best people, we strive to create a diverse and inclusive environment where everyone can bring their whole selves to work, have a sense of belonging, and realize their full career potential. We value difference and actively promote a culture of respect for each individual, encouraging and creating inclusion. Our new hybrid working model allows our people to have more flexibility in the way they choose to work from both the office and a remote location, while continuing to deliver the highest standards of service. We offer a range of family friendly and inclusive employment policies and provide access to programmes and services aimed at nurturing our people's health and overall wellbeing.

The Team

The Information Security team report to the Global Chief Information Security Officer (CISO). The team work with unified principles and processes around the world while maintaining regional stakeholder relationships. High standards are achieved by the adherence to international best practice principles (ISO 27001) and continual improvement methodologies.

The scope of the Information Security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. In many cases, the operational running of security controls is the responsibility of IT Service Delivery teams or departments such as HR, Facilities, Procurement, General Counsel etc. The Information Security team remains responsible for ensuring the effectiveness of the overall control framework and ensuring that any related risks are identified and incidents managed.

The Role

The Technical Information Security Governance & Compliance Analyst takes responsibility for all technical control responses supporting the client bids/audits and supplier assessment process. The role is a key part of supplying assurance to our clients on the technical security measures we have in place for the protection of client data. Providing project support for other security functional areas may also be required on an ad hoc basis.

The success of this role is dependent upon building a lasting alignment between client requirements and NRF's Information Security provisions and business requirements. It is also incumbent upon this role to take a continual development mindset to ensure their product knowledge represents the latest in control requirements and evidence, enabling timely responses to our clients. In particular, the role must take into consideration:

  • Building relationships with key stakeholders to allow regular information sharing
  • The special requirements of the Firm with regard to client confidentiality, as well as regulatory requirements such as data protection.
  • Achieving a balance between protecting the firm and ensuring that users can work effectively; being pragmatic but cognisant of risk.

Key responsibilities

  • Technical SME for all client bids and audit responses
  • Technical assessor for NRF's supplier security assessments to ensure the protection of the Firm's and client data
  • Security & IT Product knowledge support, including:
    • Global product knowledge liaising with regional IT teams
    • Responsible for the upkeep of central response and evidence database
    • Continual process improvements
  • Providing knowledge transfer to Governance and Compliance Analysts when needed
  • Providing wider functional support when needed
  • Research and development of technology and processes to increase team efficiency and speed
  • Escalating appropriately where policy compliance is not in place, and tracking any remediation actions to completion.
  • Performing Vendor risk assessments and providing security requirements to ensure the protection of the firm's and client data
  • Remain current with developments in the Cyber domain, including the evolving threat landscape and its relevance to the Firm's risk profile.
  • Assist other members of the Policy & Compliance team to deliver their functional responsibilities, where required.
  • Undertake other reasonable duties as requested by the Information Security Manager.

Skills and Experience Required

  • Education – an IT or Information Security qualification or 5+ years' experience in a similar role.
  • ISO 27001 qualification and / or experience.
  • Experience working in large, matrix and geographically dispersed global organisations where IT and Information Security have played a key role to the business.
  • Proven ability and understanding of the role of client bids and audits in business development and the effective management of third-party risk.
  • Experience in the use of Governance, Risk & Compliance (GRC) tools
  • An ability to learn quickly, solve problems and pragmatically address risk.
  • Experience with the creation of reports, dashboards and metrics for presentation.
  • Stakeholder management skills, including the ability to communicate complex Information Security concepts in business language.
  • Passionate and driven to exceed expectations and to deliver with integrity.
  • Effective third-party supplier management skills.
  • A relevant industry certification, such as CISSP, CISM, CRISC, CISA or similar, is an advantage.

Personal Attributes:

  • Keen sense of responsibility, ability to set a professional example and desire to adhere to defined security practices.
  • Integrity and professionalism, with a consistent and uncompromising adherence to best practice.
  • Strong stakeholder management skills, including the ability to communicate complex Information Security concepts in business language.
  • Passionate and driven to exceed expectations and to deliver with integrity.
  • Strong security understanding.
  • Self-motivated and able to work calmly and methodically under pressure.
  • Excellent interpersonal skills, exceptional levels of personal integrity and the ability to communicate clearly at all levels through reports, presentations and forming effective matrixed relationships.
  • Flexible approach to incorporate changing priorities.
  • Co-operative and established team worker.
  • Good judgement when it comes to confidentiality and sensitivity of information.

Refer code: 2553827. Norton Rose Fulbright LLP - The previous day - 2024-01-19 02:37
