Information Security Assurance Specialist
The aim of the firm's Information Security and Risk team is to create a secure environment that protects the confidentiality, integrity, and availability of information for both the firm and its clients. The successful candidate will help support this goal by focusing on security governance, compliance, audits, and managing risks related to both internal and client needs.
In this role, you will work with the team to ensure the firm meets information security standards, maintains an Information Security Management System (ISMS), and responds to client security questions, audits, and due diligence requests promptly. You will also represent the firm in external audits and perform internal audits and control checks.
The role requires knowledge of information security standards, strong organisational and writing skills, attention to detail, and the ability to handle sensitive client communications.
You should be self-motivated, comfortable working across departments, and able to deliver high-quality results within deadlines.
The role
- Review client contracts and service level agreements (SLAs), and complete due diligence questionnaires, audit requests, and bids, ensuring deadlines are met.
- Keep a repository of standard security responses and evidence for audits, client assessments, and requests for proposals (RFPs).
- Ensure the firm maintains its certifications and Information Security Management System (ISMS) in line with standards like ISO27001 and manage any audit exercises or necessary improvements for compliance.
- Recommend improvements to information security, governance, risk management, and compliance practices that meet client needs and enhance the firm's security environment.
- Help identify and assess security risks, suggest appropriate controls, and regularly check the effectiveness of those controls.
- Support the team during busy periods by helping with other Information Security tasks as needed.
- Explore new technologies, such as Artificial Intelligence or Machine Learning, to improve service delivery and make processes more efficient and accurate.
- Identify emerging client requirements and ensure these are considered in the firm's information security plans and IT initiatives.
- Stay up to date with changes in cybersecurity, the legal industry, and technology trends that impact information management and IT efficiency.
- Report on key performance and risk indicators related to client due diligence activities each month.
- Educate IT and other teams about client security requirements and expectations.
- Build strong relationships with the Risk and Client Operations teams to ensure that due diligence activities are well-coordinated and executed smoothly.
Ideal experience
- Proven experience in handling Information Security and IT Risk Management in a fast-paced work environment. Experience in the legal industry is a plus but not required.
- Familiarity with international standards and practices in information security, risk management, and control frameworks (such as ISO27001, NIST, or COBIT).
- Strong organisational skills with the ability to manage multiple tasks and competing priorities.
- Able to work well under pressure and meet tight deadlines, quickly grasping new information.
- Strong interpersonal skills, including confidence, positivity, diplomacy, and the ability to influence and build credibility with colleagues and clients.
- Excellent verbal and written communication skills, with the ability to explain technical concepts in a clear and simple way to senior leaders and managers.