General counsel and risk is a multi-disciplinary legal and analytical team. It consists of an internal legal services team, risk and compliance lawyers, internal audit, information security, enterprise risk and new business intake. These disciplines work together globally to ensure that we fulfil all our governance, contractual, regulatory and compliance obligations. The general counsel and risk team also advises on the firm's risk profile and risk-based decisions.
The team also supports the executive and governance boards, manages the firm's insurance matters and has responsibility for implementing the firm's client and matter selection strategy.
It advises our partners and lawyers to ensure that Herbert Smith Freehills remains a highly trusted advisor in a constantly changing world, and works with our Business Services professionals in managing risk on behalf of the firm and enabling high quality strategic and risk-based decisions to be made.
This is a new and exciting opportunity within the General Counsel & Risk team as part of our growing global Information Security team.
The individual will work closely with the UK and Australia-based team in the following primary areas of responsibility:
- Primary point of contact for information security issues in our UK, EMEA and US offices.
- Maintaining information security standards, guidelines, procedures and local exceptions.
- Maintaining and expanding our ISO 27001 certification, in particular:
  - Supporting security governance activities.
  - Maintaining ISMS tools and documentation.
  - Risk assessing new systems and suppliers.
  - Preparing new and existing business units for certification.
  - Supporting and responding to security audit activities.
- Developing new content and methods for security education and awareness.
- Providing information security advice to the business.
- Responding to client enquiries and monitoring compliance.
- Assisting with day-to-day operational issues and incidents.
- Building lasting and valuable relationships with internal stakeholders, especially IT and fee-earners.
Please note that this role is concerned with the governance, risk and compliance elements of general information security; it is not a technical IT/cyber security role, although a strong appreciation of IT and IT/cyber security concepts is required to succeed in it.
- Degree educated (technical degree or similar).
- We would expect the successful candidate to have five or more years' experience in information security, but may consider those with less experience provided they can demonstrate that they meet the required competencies.
- Strong knowledge of ISO 27001 and certification.
- One or more of the following: MSc in security or similar, CISSP, CISA/CISM, ISO 27001 Lead Auditor.
- Professional services experience preferable.
- Proven track record with information security projects.
- Ability to identify and analyse complex security risks and controls.
- Working knowledge of a broad range of security standards, control frameworks and good practice.
- Adaptable, diligent and works with initiative.
- Strong relationship builder, internal and external.
- Experience working as part of a global team.