IT Governance, Risk & Compliance Leader

London (Central), London (Greater)
13 Nov 2020
12 Jan 2021
Role Classification
Other Professional
Contract Type
Experience Level

About Ashurst:

Ashurst is a leading global law firm with a history spanning almost 200 years, and a clear strategy for our future growth. Our in-depth understanding of our clients and commitment to providing exceptional standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law.

In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.

Business Area: IT

Role: IT Governance, Risk & Compliance Leader


Reporting to: Head of IT Strategy & Implementation

Hours of work:

Monday to Friday, 09:30 - 17:30. You may be required to work additional hours from time to time.

Department/Role Overview:

Responsible for the strategy and programme delivery to drive an improved risk management culture across IT. This will include the implementation of an IT policy framework, risk management methodology/processes/tools and standardised governance methods.

This role will also act as an advisor on risk posture and control effectiveness across IT and support the firm's clients in understanding our risk and control effectiveness.

Main responsibilities:

This role is responsible for the following key areas in the Global Information Technology function of Ashurst:

Technology Risk Management

  • Define and implement a technology risk policy and framework that aligns to the business and IT risk appetite.
  • Own and manage an IT Risk Register with appropriate governance processes aligned to firm-wide risk management.
  • Implement a 2nd line of defence assessment programme to determine control effectiveness.
  • Provide oversight and tracking of open risk remediation, including external client audit findings.
  • Implement processes and technology solutions to improve management of risk across the firm.
  • Ensure technology risk is aligned to the Ashurst enterprise and operational risk framework.

Technology Governance Framework

  • Implement, maintain and continually refine a governance framework across Global IT.
  • Manage and monitor all IT policies ensuring that they have ownership, are updated/reviewed regularly and clearly communicated.
  • Monitor, measure and report across the information technology risk and control landscape.
  • Identify any trends that may require further action e.g. improved change control, further PMO controls etc.
  • Implement standard documentation/processes and drive their adoption across Global IT.
  • Support process owners to prepare procedures to underpin the approved policies.

Client Audit Relationship Management

  • Act as the IT relationship manager for client information technology requirements, including audit, contract renewal and new technology implementation.
  • Act as a trusted advisor on information technology risk related activities, processes, policies and procedures across the firm and its client base.
  • Ensure that information technology risk advice is aligned with business and client needs and requirements.

Information Security & Programme Management

  • Liaise and work closely with the Information Security Group and the Information Security Team across the firm.
  • Manage the delivery of global programmes as assigned.
  • Other tasks as assigned.

Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.

Essential skills and experience:

  • Thorough understanding and demonstrated experience of Information Technology risk and Information Security.
  • Industry certification such as CISSP, CISM and/or CRISC.
  • General understanding of COBIT.
  • Ability to work with and across all support functions in the firm.
  • Excellent analytical skills.
  • Excellent written and communication skills.
  • Good networking skills.
  • Able to listen to, understand and respond to client requirements.
  • Able to operate within a project brief, reporting to a Head of Function.
  • Awareness/exposure to different software development life cycles and methods.
  • Produce high level solutions/approaches, requiring systems analysis and design skills.
  • High level of familiarity with MS Office as a production tool.
  • Liaise with colleagues in Risk and Compliance and management generally to assist with research and evaluation of software solutions from 3rd party suppliers and production of necessary deliverables such as tender documents, liaising with suppliers.
  • Able to handle multiple tasks.
  • Able to manage small projects from inception to delivery.
  • Full project lifecycle experience.
  • Detail oriented with an ability to work accurately and efficiently even when under pressure.
  • Ability to complete set tasks with minimal supervision.
  • Tactful and diplomatic when in pressured situations.
  • Strong written and verbal communication skills.
  • Uses initiative - 'can do' approach.
  • Client focused.

Desired skills and experience:

  • Working within a structured project framework.
  • Knowledge of the legal sector and current risks.
  • Familiar with ITIL, PRINCE2, Agile.