
Technical Information Security Governance & Compliance Senior Analyst

Job Location: Newcastle Upon Tyne
Education: Not Mentioned
Salary: Competitive salary
Industry: Not Mentioned
Functional Area: Not Mentioned
Job Type: Permanent, full-time or part-time

Job Description

Practice Group / Department: IT Security

We're Norton Rose Fulbright - a global law firm with over 50 offices and 7,000 employees worldwide. We provide the world’s preeminent corporations and financial institutions with a full business law service. As well as the relevant skills and experience, we're looking for people who are innovative, commercial and value the work that they do.

To attract the best people, we strive to create a diverse and inclusive environment where everyone can bring their whole selves to work, have a sense of belonging, and realize their full career potential. We value difference and actively promote a culture of respect for each individual, encouraging and creating inclusion. Our new hybrid working model allows our people to have more flexibility in the way they choose to work from both the office and a remote location, while continuing to deliver the highest standards of service. We offer a range of family friendly and inclusive employment policies and provide access to programmes and services aimed at nurturing our people’s health and overall wellbeing.

The Team

The Information Security team report to the Global Chief Information Security Officer (CISO). The team work with unified principles and processes around the world while maintaining regional stakeholder relationships. High standards are achieved by the adherence to international best practice principles (ISO 27001) and continual improvement methodologies.

The scope of the Information Security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. In many cases, the operational running of security controls is the responsibility of IT Service Delivery teams or departments such as HR, Facilities, Procurement, General Counsel etc. The Information Security team remains responsible for ensuring the effectiveness of the overall control framework and ensuring that any related risks are identified / incidents managed.

The Role

The Technical Information Security Governance & Compliance Analyst takes responsibility for all technical control responses supporting the client bids/audits and supplier assessment process. The role is a key part of supplying assurance to our clients on the technical security measures we have in place for the protection of client data. Providing project support for other security functional areas may also be required on an ad hoc basis.

The success of this role is dependent upon building a lasting alignment between client requirements and NRF’s information security provisions and business requirements. It is also incumbent upon this role to take a continual development mind-set to ensure their product knowledge represents the latest in control requirements and evidence enabling timely responses to our clients. In particular, the role must take into consideration:

  • Building relationships with key stakeholders to allow regular information sharing
  • The special requirements of the Firm with regard to client confidentiality, as well as regulatory requirements such as data protection.
  • Achieving a balance between protecting the firm and ensuring that users can work effectively; being pragmatic but cognisant of risk.
Key responsibilities
  • Technical SME for all client bids and audit responses
  • Technical assessor for NRF’s supplier security assessments to ensure the protection of the Firm’s & client data
  • Security & IT Product knowledge support, including:
    • Global product knowledge liaising with regional IT teams
    • Responsible for the upkeep of central response and evidence database
    • Continual process improvements
  • Providing knowledge transfer to Governance and Compliance Analysts when needed
  • Providing wider functional support when needed
  • Research and development of technology and processes to increase team efficiency and speed
  • Escalating appropriately, where policy compliance is not in place and tracking any remediation actions to completion.
  • Performing Vendor risk assessments and providing security requirements to ensure the protection of the firm’s & client data
  • Remain current with developments in the Cyber domain, including the evolving threat landscape and its relevance to the Firm’s risk profile.
  • Assist other members of the Policy & Compliance team to deliver their functional responsibilities, where required.
  • Undertake other reasonable duties as requested by the Information Security Manager.
Skills and Experience Required
  • Education – an IT or Information Security qualification or 5+ years’ experience in a similar role.
  • ISO 27001 qualification and / or experience.
  • Experience working in large, matrix and geographically dispersed global organisations where IT and Information Security have played a key role to the business.
  • Proven ability and understanding of the role of client bids and audits in business development and the effective management of third-party risk.
  • Experience in the use of Governance, Risk & Compliance (GRC) tools
  • An ability to learn quickly, solve problems and pragmatically address risk.
  • Experience with the creation of reports, dashboards and metrics for presentation.
  • Stakeholder management skills, including the ability to communicate complex Information Security concepts in business language.
  • Passionate and driven to exceed expectations and to deliver with integrity.
  • Effective third-party supplier management skills.
  • A relevant industry certification, such as CISSP, CISM, CRISC, CISA or similar, is an advantage.
Personal Attributes:
  • Keen sense of responsibility, ability to set a professional example and desire to adhere to defined security practices.
  • Integrity and professionalism, with a consistent and uncompromising adherence to best practice.
  • Strong stakeholder management skills, including the ability to communicate complex Information Security concepts in business language.
  • Passionate and driven to exceed expectations and to deliver with integrity.
  • Strong security understanding.
  • Self-motivated and able to work calmly and methodically under pressure.
  • Excellent interpersonal skills, exceptional levels of personal integrity and the ability to communicate clearly at all levels through reports, presentations and forming effective matrixed relationships.
  • Flexible approach to incorporate changing priorities.
  • Co-operative and established team worker.
  • Good judgement when it comes to confidentiality and sensitivity of information