Information Security Specialist

About Gowling WLG

We have more than 1,400 legal professionals working around the world. Our offices span across 19 cities in Canada, the UK, Continental Europe, Asia and the Middle East. There's strength in our global presence – we embrace our differing cultures and work together as one team. We also understand the importance of investing in relationships that build knowledge and trust, while we provide legal advice that's tailored to our clients' world.

'Our people and distinct culture are what makes us different. We know this through client and employee feedback and this drives everything we do'' Chris Oglethorpe, HR Director.

There are great opportunities for all our people to flourish. Through training and personal development they can grow in their role. Our people are the cornerstone of our success, across legal, business support and early talent. We care about their happiness and believe in the power of teamwork. We want them to feel empowered and recognise that by supporting, respecting and embracing everyone's different contributions we achieve more.

Working flexibly, working fairly

Agile working offers people more freedom and flexibility in where, when, and how they work. As technology advances and our workforce becomes more diverse – and with clients often working to a 24/7 rhythm – having extra flexibility is key to helping us balance work and other commitments sensibly and productively.

By supporting people to choose where and when they get their work done, we help them to make a full and fair contribution to their team – while maintaining that all important work-life balance.

Where possible and depending on business needs, we will consider all flexible working options such as part-time working, job sharing, working from home and staggered hours. If in considering a role with Gowling WLG you favour flexibility in your working arrangements, please discuss this with the recruitment team in the early stages of the application process.

Main Purpose of the Job

This is a dynamic role combining security solution design, implementation, assurance and review activities with standards, policy and procedure development.

Strong analytical, information security and application security skills are required along with a technical understanding of the practical application of information security controls within legal services firms.

Main Duties and Responsibilities

To act as an Information Security Specialist for Gowling WLG’s by:

• Working with suppliers' support teams and relevant user groups to ensure strong, relevant and up-to-date product knowledge and helping to transfer this knowledge to other members of the IT teams
• Understanding technology trends and the practical application of existing, new, and emerging technologies to enable new and evolving operating processes for the business
• Analysing the technology industry, competitors and market trends, and determining (and sharing) their potential impact on core technology for the business
• Working with the Business Change team to deliver projects including any system upgrades and enabling security  - working collaboratively with all colleagues throughout all stages of implementation through to user acceptance and ongoing support and maintenance
• Observing good data governance, system controls and documentation as per the firm’s policies
• Ensuring that system setup, configuration records and processes are documented and kept up to date
• Consulting with Enterprise and Solution Architects to ensure development projects fit systems/infrastructure architecture, and identifying when it is necessary to modify projects to accommodate the systems/infrastructure architecture for security purposes
• Provide technical advice and guidance on IT security related requests
• Consulting with the Information Security Officer to ensure that any proposed software developments or changes do not compromise the security of the firm’s data
• understanding security requirements and issues, and identifying encryption and controls needed to protect information
• adhering to privacy by design principles, enabling use of test data, pseudonymisation and encryption at rest, ability to delete data
• building in full auditing and error logging to any applications or customisations
• ability to output logs of security events to security monitoring software
• prioritising security above functionality and performance, whilst being pragmatic and taking a risk based approach
• Liaising with external providers to resolve any issues in the functionality and interoperability of new applications, infrastructure and other services with existing IT systems
• Participating in 8am to 8pm Service Delivery service provision shifts as necessary
• Participating in 8pm to 8am Service Delivery Out-of-Hours Support (OHS) service provision team(s) as an OHS consultant

To promote the chosen subject matter area by:

• Being known as the expert and sharing knowledge readily
• Creating a ‘brand’ awareness
• Developing and maintaining business user and vendor relations
• Developing and maintaining best practices and standards
• Instilling a positive work environment
• Facilitating effective staff development (especially Subject Matter Analysts)
• Communicating regularly with all levels of management
• Demonstrating the willingness and ability and to take a ‘product owner’ approach to areas of expertise

Support Information & Cyber Security function

• Provides security consultancy/advice as needed
• Ensures that documentation of the supported components is available and in an appropriate format
• Identifies operational problems and accountable for their resolution in accordance with agreed standards and procedures
• Provides reports and proposals for improvement
• Input into due diligence and relationship management of 3rd party vendors’ security

Support of Threat Detection and Prevention function

• Develops new detective and investigative capabilities
• Maintains knowledge of security laws, principles and best practices. Must remain current with emerging threats and trends
• Performs data analysis and threat research
• Supports security risk and vulnerability assessments for defined business applications

Support of Security Infrastructure

• Manages processes relating to the installation, maintenance and operation of security infrastructure including firewalls, anti-virus and IPS
• Responsible for the implementation of agreed changes
• Regularly reviewing infrastructure to ensure best practices are being followed and where necessary to escalate problems/issues (process or compliance) as necessary
• Input into technology designs to ensure security standards are adhered to
• Enforcing role based access control
• Incident handling
• Initiates and monitors actions to investigate and resolve problems in systems and services.
• Responsible for the implementation of agreed remedies and preventative measures.
• Ensures that incidents and requests are handled according to agreed procedures
• Investigates identified security breaches in accordance with established procedures and responsible for applying the appropriate remediation
• Conducts forensic investigations for HR, Legal, or incident response related activities

Projects

• Leads information security related projects
• Evaluates new security technologies and products and performs engineer-level work and analysis to determine if solutions should be pursued
• Provides security consultancy/advice as needed to operational and project teams
• Validates that proposed solutions are acceptable from a security standpoint

Key skills and experience

Required skills:

• At least one of CISM, CISSP, CIPP (or other similar certification)
• Degree level education or equivalent experience
• Experience of people management
• Knowledge of network protocols, network hardware, web technologies and hacking techniques
• Experience managing identity and access management
• Working knowledge of security systems and appliances (Cisco, proxies, endpoint controls, IDS/IPS, DLP, SIEM, vulnerability assessment tools, etc.)
• Demonstrated technical understanding of IT infrastructure, applications, data storage and design concepts
• Demonstrated technical understanding of cloud services architecture and multi-tenant connectivity solutions
• Excellent customer facing, presentation, interpersonal and communication skills, with an ability to share expertise with others
• Experience of working in technical and complex change programs
• Ability to set and manage priorities judiciously
• Exceptionally self-motivated, directed and detail-oriented
• Superior analytical, evaluative and problem-solving abilities
• Able to adapt to changing circumstances effectively
• Ideally a graduate qualified in computer science/information systems/related fields and/or
• Three or more years of IT and Business User experience, with sensitivity and commitment to business problem solving - ideally experience of working with a range of technologies (including Microsoft) within business/operations areas of the legal profession or other professional services, with a global component
• A minimum of two years of demonstrated competency in a subject matter expert role involving maintaining and improving existing IT/Information systems, solutions and services along with the successful execution of multiple projects for new systems, solutions and services including
  • strong knowledge of subject matter concepts, patterns and practices
  • in-depth knowledge of subject matter and its future direction
  • enterprise IT support experience (ideally on a large scale)
  • coordinating testing efforts to identify and resolve any system integration issues
  • ideally experience of Agile or iterative development methodologies (such as DevOps)
• Excellent planning and organisational skills
  • preparing proposals that are acceptable to the technical and business areas
  • ability to provide reliable work estimates
• Excellent understanding of current and emerging technologies and how other enterprises are employing them to drive digital business – with a focus on end-user needs
• Excellent written and verbal communication skills, with the ability to effectively communicate technical concepts to non-technical people at all levels
  • comfortable dealing with key customer decision makers such as IT Directors, project managers and business staff
  • strong technical writing ability
  • ability to assist with delivering consultancy and technical advice
• Strong analytical, diagnostic and problem-solving skills with the ability to absorb new information quickly
• Ability to excel in a fast-paced, ambiguous, and evolving marketplace
• Methodical with excellent attention to detail
• Ability to adapt to various internal and external situations and deliver high quality service
• Team player, providing support to colleagues and managers and working with teams across the firm
• Flexible approach with a customer and business focus
• Experience of working within a matrix organisation, including reporting into a number of people including technical line managers and project managers
• Evidence demonstrating ability to work efficiently and effectively under pressure of deadlines including expertise in prioritising competing workloads

Equal Opportunities

Gowling WLG is committed both to promoting equality and diversity in the firm and to Equal Opportunities in employment.  The firm believes in equality of opportunity regardless of race or racial group (including colour, nationality, ethnicity, national origins), religion or belief, age, disability, sexual orientation, sex, gender re-assignment and gender identity, marriage and civil partnership, and pregnancy, maternity and paternity.  This also includes any incidents of perceptive or associative discrimination and harassment.

At Gowling WLG we seek to attract and retain talented people from a diverse range of backgrounds and cultures, to create an exciting and rewarding place to work.  Our aim is to fulfil everyone's potential and together to achieve personal and business goals.