Description
Award winning law firm Osborne Clarke are looking for an Information Security Analyst to join their growing Information Security team in in our London or Bristol office. This is a permanent role offering hybrid working.
The role of the Information Security Analyst is committed to maintaining the highest level of data security and protecting our systems from threats. As part of our ongoing efforts to enhance our information security posture, we are seeking a skilled and motivated Information Security Analyst to join our team.
Osborne Clarke
Osborne Clarke is a future-focused international legal practice with over Partners and more than 1, talented lawyers in offices around the world*. Our three-dimensional approach to client service combines legal expertise, in-depth understanding of our clients and the sectors they operate in, together with insight into the global issues that are transforming the landscape of how we live, work and do business: Decarbonisation, Digitalisation and Urban Dynamics. Looking around corners to help our clients solve legal and business challenges, big and small, and harness the opportunities of change - together we'll be ready for what's next.
We love working closely with our clients on new deals, products and solutions which will transform their businesses, markets and even sectors. And our unique approachable culture is not an added extra, it's fundamental to our success.
Job description:
As an Information Security Analyst, you will play a crucial role in safeguarding our organisation's assets from potential threats. You will be responsible for raising awareness with colleagues, assessing risks, implementing controls, and ensuring compliance with industry standards and best practices.
Key responsibilities include:
Developing, maintaining and publishing ISMS documentation (processes, procedures and guidelines), ensuring overall governance and continual improvement of information security controls. Maintaining conformance with ISO , including adaptation of the ISMS to meet evolved structure and requirements of ISO :2, and other applicable standards. Helping expand the scope of ISO certification to include other international entities of the firm, especially with local processes, risks, controls, internal and external audits and management review Stay up to date with the latest trends, technologies, and regulatory requirements. Maintain and share awareness of security industry trends including evaluation of new and emerging security technologies and make recommendations to stakeholders Continuing to enhance the firms security culture through awareness programmes and training Working with departments and systems across the business to conduct security risk assessments and carry out treatment plans. Planning and performing periodic internal audits and compliance activities, supporting internal or external security audit processes, defining and implementing any required remediation activities. Assisting with investigation and triage of any security incidents or issues reported, including use of monitoring activities, scanning/test tools and results to determine potential weaknesses, threat patterns, and trends. Ensuring resolution, root cause analysis and coordination of remediation activities to ensure effective tracking to closure of potential security breaches, attacks or policy violations. Help respond to customer requests for information security compliance, controls and contractual measures. Prepare and present reports on security incidents, risks, and mitigation strategies to management and stakeholders. Carry out supplier due diligence, monitoring and regular review of performance, including supplier audits.
What we're looking for:
The successful candidate will need to have proven experience in a similar role and professional certification in Information Security CISSP, CISMP, Lead ISMS Implementer or Auditor). You'll also need to demonstrate the following:
General
Strong interpersonal and communication skills (spoken, written and presentation) able to work with, influence and educate people at all levels Broad ranging consultancy skills (problem solving, change management, influencing, communication, research and data collection and analysis, process mapping, creative thinking, negotiation) Credible and effective thinker and planner, with good understanding of the firm's goals and objectives Excellent attention to detail in terms of task planning, execution and communication Ability to present ideas in business-friendly and user-friendly language across multiple geographies Highly organised and outcome focussed Proactive in the face of challenges, keen to enjoy work and make an effective contribution Able to effectively prioritise and execute tasks within a fast-paced environment Excellent analytical and problem solving skills. Strong communication and collaboration abilities.
Technical
Trained as an auditor in ISO management systems, ideally ISO but relevant others also considered. Strong knowledge of certifications and standards such as ISO , Cyber Essentials (plus), ISO and/or NIST controls Good awareness of IT security measures, best practices and industry standards. Experience with incident response procedures and tools. Good understanding of cyber security and technology Knowledge of cloud security or services, especially Azure Knowledge of Office Practical and/or theoretical knowledge of security protocols and tools such as ZScaler
Salary and benefits
We offer competitive salaries and generous