Information Security Officer
- Employer
- Ashurst
- Location
- London (Central), London (Greater)
- Salary
- Competitive
- Closing date
- 28 May 2024
View more categoriesView less categories
- Vacancy Type
- IT, Other specialist roles, Risk Management
- Contract Type
- Permanent
- Experience Level
- Officer / Analyst / Engineer / Executive / Coordinator
- Role Classification
- Other Professional
Job Details
About Ashurst
Ashurst is a leading progressive global law firm with a rich history spanning more than 200 years. We are proud of our history and are future-focused, having expanded into new technologies through our NewLaw division, Ashurst Advance, and our consulting arm. Our in-depth understanding of our clients and commitment to providing excellent standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law. To find out more please visit www.ashurst.com .
Department/Role overview
The successful candidate will play a crucial role in ensuring the security of our systems and data by evaluating the risks associated with third-party vendors and internal projects, and recommending appropriate risk mitigation strategies.
The Information Security Officer (Digital) will work closely with cross-functional teams, including the Office of the Chief Digital Officer, Risk & Compliance, project management, and technical teams, to ensure compliance with security standards and best practices.
Main responsibilities
Assessing Security Risks (SCTY - Level 4, BURM - Level 4)
- Conduct vendor risk assessments and project security risk assessments based on established methodologies and frameworks.
- Evaluate security risks associated with third-party vendors and internal projects, considering factors such as security, privacy, and compliance.
- Identify vulnerabilities and potential risks and provide recommendations for risk mitigation strategies.
- Apply knowledge of industry best practices and regulatory requirements to assess and mitigate security risks.
Information Security (SCTY - Level 4)
- Ensure compliance with security policies, standards, and procedures in vendor relationships and project activities.
- Develop and maintain security assessment frameworks and methodologies for vendor risk assessments and project security risk assessments.
- Stay informed about emerging security threats, industry trends, and regulatory requirements related to vendor management and project security.
- Participate in incident response activities and contribute to security incident investigations and remediation efforts.
Supplier Relationship Management (SUPP - Level 4)
- Collaborate with procurement teams to assess and manage security risks associated with vendors.
- Review vendor security documentation, such as questionnaires, audits, and certifications, to evaluate their security posture.
- Provide guidance to procurement teams regarding security requirements and standards for vendor selection and ongoing monitoring
Risk Management (BURM - Level 4)
- Apply risk management principles to identify, assess, and prioritise security risks.
- Collaborate with project managers and technical teams to assess security risks and propose appropriate risk mitigation strategies.
- Track and monitor the implementation of security remediation plans.
Security Compliance Management (SCAD - Level 3, SCTY - Level 4, AUDT - Level 4
- Conduct periodic reviews and audits to ensure compliance with security policies, standards, and regulatory requirements.
- Support the development and enforcement of security policies, standards, and procedures related to vendor management and project security.
- Provide security awareness training and guidance to staff as required.
Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.
Essential skills and experience
- Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
- Professional certifications such as CISA, CISM, or similar credentials are preferred.
- Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
- Experience in conducting vendor risk assessments and project security risk assessments.
- Familiarity with security frameworks and assessment methodologies.
- Knowledge of regulatory requirements related to data privacy and protection (e.g., GDPR, CCPA) is a plus.
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills.
- Ability to work independently and collaboratively in a team-oriented environment.
- Attention to detail and a commitment to maintaining high-quality standards.
Other Responsibilities (as required)
- Other suitable duties, consistent with the duties and responsibilities of the position as directed by the supervisor or nominated delegate.
Background checks
In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.
Company
Ashurst is a leading progressive global law firm with a rich history spanning more than 200 years. We are proud of our history and are future-focused, having expanded into new technologies through our NewLaw division, Ashurst Advance, and our consulting arm. Our in-depth understanding of our clients and commitment to providing excellent standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law. To find out more please visit www.ashurst.com
- Telephone
- +44 20 7638 1111
- Location
-
London Fruit & Wool Exchange
1 Duval Square
London
E1 6PW
GB
Get job alerts
Create a job alert and receive personalised job recommendations straight to your inbox.
Create alert