Senior Assistant Information Security Office
We are currently recruiting for a Senior Information Security Assistant to join our Info Sec team. The Info Sec team is responsible for identifying and mitigating the major info sec risks for the firm and ensuring compliance against specific regulatory and best practice standards. You will be working closely with the Head of Information and Cyber Security and in line with our ISO27001 certification and regulatory and client requirements.
In return we will invest in you. We want you to be successful. You will receive a bespoke, on-going training programme to ensure you develop your commercial and technical skills to allow you to deliver the varied workload to a high standard. As a member of our Support team you will be a vital part of our continued success. There isn't an "us and them" mentality and you will be recognised for your hard work and support.
As a Senior Information Security Assistant your day to day remit includes:
- Acting (together with the other Senior Information Security Assistant) as the deputy for the Head of Information and Cyber Security;
- Continue the enhancement and implementation of information security and data processing policies and standards across the firm and in particular, auditing and maintaining our ISO27001 processes and accreditation;
- Act as a point of reference on best practice in relation to IT and IS governance, controls and practices across the firm;
- Attend and contribute to internal governance and project meetings including Group Risk Managers Meeting, Change Approval Board, Info Sec Forum and Information Lifecycle Project
- Manage and implement internal, client and external info sec audits
- Maintain the internal policy and procedure bank
- Offer training on aspects of information security policy to the firm as required.
- Research and evaluate emerging security threats and ways in which to manage or mitigate them.
- Supporting users on change control and system updates to ensure best-practice is followed
- Work closely with multiple 3rd-party suppliers to ensure any risks are understood and mitigated against.
- Offer advice and guidance to internal stakeholders to ensure best-practice is always followed.
- Managing the compliance and vulnerability management platforms for both on prem and cloud-based assets.
- Managing third party penetration testing including scoping, analysis, remediation planning and tracking.
- Identifying weaknesses in security tools, processes and procedures and providing recommendations to resolve them.
- Supporting the assessment of the security posture of the organisation and being able to give sound advice on the security tooling in place and on new technologies.
- Work closely with other members of the Technical and Operational Teams to support various projects across the organisation
- Keep up to date with current cyber security risks and mitigation techniques
The Ideal Candidate
Our employees are talented people, distinguished by technical excellence, with a willingness to embrace team working and a passion for client service. You will be able to demonstrate the following experience and skills:
- Proven experience of having managed an Information security management system (ISMS) and maintaining ISO27001 certification in a multi-site operation;
- Solid understanding of IT and experience in developing IT governance, controls and best practice processes in the form of the IT infrastructure library (ITIL) and IT service management certification (BS ISO/IEC 20000);
- Considerable experience in undertaking a range of internal and third party audits around Information security, data protection and IT governance and controls;
- Experience in developing physical security best practice processes and controls;
- Good understanding of the Data Protection Act and GDPR provisions;
- Excellent understanding and practical experience of the principles of risk assessment and risk treatment, including operational risk as well as compliance monitoring and reporting;
- Results orientated with good communication and interpersonal skills.
- Proven experience writing policies and procedural documentation for IT systems/requirements.
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, partners/directors, managers, staff at all levels, external and internal stakeholders, clients and subject matter experts.
- Strong knowledge of applications, networks and system vulnerabilities and understanding of attacker techniques to exploit these vulnerabilities.
- Experience with cloud environments, i.e. Azure and AWS
- Experience with project engagements, using waterfall and agile methodology
- Ability to understand complex web and standalone applications/systems architectures involving multiple technologies.
- An understanding and experience with vulnerability management, SIEM and malware
- Knowledge of penetration testing procedures
- Knowledge of processes and tools relating to information security
- CISSP security qualification or currently studying for CISSP
- Experienced with internal/external security penetration testing
TLT is committed to creating a diverse working environment and encourages applications from all suitably qualified people, regardless of any of the characteristics protected by the laws in the locations in which we operate. We welcome applications from people with disabilities and, as a Disability Confident Employer, we are committed to providing reasonable adjustments, where necessary, to make interviews and jobs more accessible. Should you have any difficulty during the recruitment process, or require any reasonable adjustments or an application to Access to Work, please contact the recruitment team on HR-Recruitment@TLTsolicitors.com.
We value our employees highly and we want you to feel valued. You will receive a competitive basic salary with an annual pay review. You will also have access to an extensive range of benefits via our flexible benefits scheme including 25 days holiday (which will increase to 30 days based upon length of service) and private medical insurance.
About the Firm
We’re an ambitious UK law firm built around the needs of our high profile clients. With over 1000 employees and 100 partners across our six UK offices, we’ve grown considerably in the last three years – and so have our revenues. Open-minded? Definitively. Forward-focused? Absolutely. An energetic firm with an entrepreneurial, collaborative culture, we’re always looking to recruit highly talented individuals with the drive to succeed. So if you’re dynamic, determined and looking for a firm where you can develop your skills, join us and we’ll give you everything you need to thrive.