Information Security Officer - 3 month Contract
Ashurst is a leading global law firm with a history spanning almost 200 years, and a clear strategy for our future growth. Our in-depth understanding of our clients and commitment to providing exceptional standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law.
In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.
Business Area - IT
Role: Information Security Officer – 3 Month Contract
Location: Based at Ashurst's London office. Some international travel and travel to Glasgow may be required from time to time
Reporting to: Head of Information Security
Hours of work - Monday to Friday, 09:30 - 17:30. You may be required to work additional hours from time to time
Department/ Role Overview:
Advising on maintaining and improving security of the firm's electronic information assets and of client data and information held by the firm. Responsible for contributing to the vision, strategy and programme/plans to ensure the firm's assets and client data and information are protected to all relevant standards and criteria.
- Act as a trusted advisor on information security related activities, processes, policies and procedures.
- Ensure that information security advice is aligned with business and client needs and requirements
- Monitor, measure and report on the implementation, operation and effectiveness of information security measures.
- Identify any trends that may require further action e.g. improved security awareness, updated controls etc.
- Provide suitable response to any security-related incidents, such that these are properly investigated and appropriate actions are taken
- Monitor threats and vulnerabilities and ensure the information security program is providing appropriate protection against them
- Ensure that the firm's information assets and systems are adequately protected
- Work closely with IT and the Risk and Compliance teams in developing and executing security strategy and plans
- Prepare appropriate documentation and supporting materials in relation to specific projects
- Work closely with 3rd party suppliers to communicate requirements and deliver solutions
- Adhere to Ashurst's project methodology
- Assist with project management tasks in response to information security requirements
- Work with the firm's clients on client audits and understanding the client's requirements of the firm in the area of information security
- Responsibility for responding to client audits and highlighting remediation measures required.
- Attend regular security briefings from all relevant internal and external sources
- Gain an in-depth understanding of all relevant information security standards
- Manage and monitor all IT policies ensuring that they are in line with the information security requirements of the firm
- Help prepare draft procedures to underpin the approved policies
- Liaise and work closely with the Information Security Group and the Information Security Team in Australia
Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.
Essential skills and experience:
- Thorough understanding and demonstrated experience implementing ISO 27001/27002 controls.
- Industry certified such as CISSP, CISM and/or CRISC
- Ability to work with and across all support functions in the firm
- Excellent analytical skills
- Excellent written and communication skills
- Good networking skills
- Able to listen to, understand and respond to client requirements
- Able to operate within a project brief, reporting to the IT Director
- Working knowledge of different analysis techniques/methods, including requirements definition and specification, ERD/DFDs etc.
- Awareness/exposure to different software development life cycles and methods
- Produce high level solutions/approaches, requiring systems analysis and design skills
- High level of familiarity with MS Office as a production tool
- Liaise with colleagues in Risk and Compliance and management generally to assist with research and evaluation of software solutions from 3rd party suppliers and production of necessary deliverables such as tender documents, liaising with suppliers
- Able to handle multiple tasks
- Able to manage small projects from inception to delivery
- Full project lifecycle experience
- Detail oriented with an ability to work accurately and efficiently even when under pressure
- Ability to complete set tasks with minimal supervision
- Tactful and diplomatic when in pressured situations
- Strong written and verbal communication skills
- Uses initiative - 'can do' approach
- Client focused
Desired skills and experience
- Working within a structured project framework
- Knowledge of legal sector and current risks
- Familiar with ITIL, PRINCE2, Agile
Our culture is shaped by our core values of Collaboration, Excellence, Innovation, Integrity and Accountability. They guide our behaviour and how we relate to each other and our clients.