LAW FIRM INFORMATION SECURITY MANAGER (REMOTE IN THE UK)
COMPLIANCE/RISK EXPERIENCE OF I.S. CONTROLS & GDPR EXPERIENCE REQUIRED
£ 65000 - £ 75000 + Bonus + Benefits
Remote
Ref: 3985G
Our client, a national law firm, is looking for an Information Security Manager to work for the Head of Risk and Compliance. Duties include;
- Ensuring that risks around information/cyber security and data protection are properly identified and appropriately managed to ensure compliance with regulatory obligations and those of our clients
- Working with colleagues in IT to ensure that our regulatory obligations and risks around information/cyber security are appropriately managed through our innovation, our use of data and in developing our projects
- Ensuring that information security and data protection policies are appropriately aligned with the business and our ISO management standard
- Provide expert guidance in raising awareness and in developing training to increase risk awareness within our firm and ensuring that our policies are embedded
- Analysing risks associated with information/cyber security and data protection and providing reports and metrics to the Exec and as part of the quarterly Risk & Compliance team reporting
- Supports the internal and external audit programme to ensure that the remediation actions required are completed in a timely and effective manner
- Ensuring that the impact of client requirements regarding information/cyber security and data protection are properly assessed and supporting the business to provide the appropriate responses to client requests, such as tender/assurance questionnaires
- Appropriately assessing the information/cyber security and data protection risks associated with high-risk suppliers and third parties to ensure compliance with certifications/accreditations and client requirements
- Provide expert guidance to the Risk & Compliance Team in their incident and breach management of information/cyber security and data protection events, including escalation, mitigation, reporting and lessons learnt
You should have experience managing information & cyber security risk as a manager & strategic thinker from a similar Compliance or Risk team, less as a technology expert (as the firm has a well-staffed IT team to support this role). Any previous experience from a law firm (or other professional services firm) is useful but more important is experience in both data protection legislation (including the Data Protection Act 2018 & UK/ EU GDPR) and information security controls (ideally including ISO27001 if possible)
NB the firm has offices nationally and the role can be based at any of these or else be fully home-based in the UK but with monthly (paid) travel to their Midlands office where the main IT team is based.
So, if that sounds like you, then please send your details to our MD, David Symes FCA, at david@compliancerecruitment.com (including a contact no) however please note we cannot reply to all applications so only successful applications will be contacted (although under no circumstances are your details ever passed on without your specific permission).
Compliance Recruitment Solutions Limited (CRS) are acting as an employment agency in relation to this role.
The recruiter has stated that all applicants for this job should be able to prove that they are legally entitled to work in the UK. Through applying, all candidates signify their acceptance of the above information and confirm that the information they provide is true and accurate to the best of their knowledge.