Information Security Officer


Premium Job From Michael Page

Recruiter

Michael Page

Listed on

25th August 2021

Location

Bristol

Salary/Rate

£55000 - £65000

Type

Permanent

Start Date

ASAP

This job has now expired. Please search on the home page to find live IT jobs.

The main purpose of this role is to develop and manage the Information Security Framework across the firm, in line with policy, industry best practice, SRA guidelines and Client contractual requirements.

Client Details

My client is an established multi-office law firm with HQ in Bristol.

Description

The main purpose of this role is to develop and manage the Information Security Framework across the firm, in line with business policy, industry best practice, SRA guidelines and Client contractual requirements.

More specifically you will:

Services

- Coordinate internal efforts toward maintenance of relevant information security standards as the firm sees fit to adopt (e.g. ISO 27001) and a culture of continuous improvement
- Ensure adherence to, communication and training of Information Security policies, procedures and guidelines
- Manage the Information Security aspects of client bids, on-boarding and audits
- Deliver Information Security reporting, presentations and KPIs
- Provide representation on external Information Security groups

Information Security Management Framework

- Increase awareness of Information Security Management across the firm through development of training, intranet communications and high level support (with the IT training team)
- Support the Risk and Compliance team, COLP and COFA in their work to manage risk and security across the firm
- Maintain appropriate Information Security risk registers and remediation measures with business managers, CCP and IT/Risk and Compliance managers
- Co-ordinate all required policies and guidelines for Information Security and provide guidance to policy owners on how to achieve compliance with required standards
- Co-ordinate and deliver the internal audit regime

Information Security

- Ensure that all documentation complies with client requirements, ISO 27001 (or appropriate certifications) and business policy in order to safeguard confidentiality and integrity of business information
- Manage, maintain and regularly review security and compliance regime for ISO 27001 and other appropriate certifications and business policy
- Co-ordinate day to day monitoring, detection, prevention and operation of our security breach process
- Produce Information Security risk indicators including heat maps / models
- Organise monthly Information Security Report showing trend analysis and client reports
- Plan annual management review

Management of Client on-boarding

- Respond to and support the bid process with regards to Information Security related issues
- Manage response to Client's Information Security questionnaires
- Implement Information Security controls for new clients and/or where new services are delivered
- Coordinate and manage scheduled audits by external auditors or clients

Continuous Improvement

- Ensure that all measures implemented are reviewed and audited regularly to meet the needs of auditors and ensure compliance
- Identify areas of improvement for risk management, recommending and implementing best practice where appropriate

Supplier management

- Ensure Supplier DDQs are carried out and reviewed for suppliers
- Support R&C with contract review in relation to InfoSec clauses and requirements

Profile

Technical requirements:

- Professionally qualified to one of CISSP/CISM/CISA with an awareness of applicable data privacy practices and laws
- Good understanding of the technologies available in order to improve system availability and meet Business Continuity goals
- ISO27001 / Cyber Essentials + implementation/audit experience
- Broad ranging consultancy skills (problem solving, change management, influencing, communication, research and data collection and analysis, process mapping, creative thinking, negotiation, etc.)
- An understanding of project management principles

More generally:

- Outstanding communication skills
- Experience working in a multi-site team
- Ability to present ideas in business-friendly and user-friendly language across multiple geographies
- Excellent understanding of the firm's goals and objectives
- Ability to effectively prioritise and execute tasks in a high-pressure environment
- Keen attention to detail in terms of both tasks and communications
- Good interpersonal skills and able to interact with people at all levels
- Able to command respect of highly technical teams and influence at senior levels of the firm

Job Offer

£55,000 - £65,000 + additional benefits
