Information Security GRC Analyst

Term: Permanent
Working hours: Full-time (Monday - Friday; 9.30am - 5.30pm)
Reports to: Senior Information Security Manager
Team: Risk and Information Security
Location: London

The Firm

Farrer & Co is synonymous with the highest quality legal advice and service.

We advise individuals, families, businesses, financial services, educational and not-for-profit organisations on every aspect of the law, wherever the need arises. From our offices in London we work with trusted professionals around the world to deliver a seamless international service.

Our clients present us with complex and varied challenges. Whether that's a complicated family trust issue, a multinational corporate transaction, or an emerging threat to their reputation, they need clear thinkers who can advise on the best solutions, fast thinkers when speed is of the essence and agile thinkers who can produce a fresh approach to get the job done. That's why they choose us.

Our clients value our in-depth knowledge, technical excellence and diversity of disciplines. But what really binds our long-standing relationships with them is our approach: pragmatic, plain speaking and always steadfast in our values, which we hold dear. Values which mean we gain our clients' trust, always strive to do the right thing, and aim for the best results for them.

Superb client service sits at the heart of everything we do. We are modern lawyers with timeless values.

Scope

This role will support the Senior Information Security Manager with oversight of the Firm’s Information Security Management System (ISMS), focused on governance, risk, and compliance functions. The role covers broad aspects of information security management principles, with varied responsibilities to support the overall information security strategy. This will help with maintaining various security-related accreditations, embedding a security culture across the firm and helping the Risk & Information Security team meet and exceed customer expectations and deliver a consistent and efficient service.

Responsibilities
  • Support team with various ISO27001 related projects to include planning internal and external audits, risk assessment, risk treatment and improvement plans, and support with implementation of control objectives.
  • Support with Information Security Education and Awareness strategy to include delivery of training using various methods, simulation exercises, communication, reporting and trend analysis.
  • Information security incident management liaising with Security Operations Team to include reporting, advising, response and escalation to management.
  • Manage and maintain client due diligence questionnaires on behalf of InfoSec and IT to include maintaining repository of questions and ensuring timely responses are submitted to requesting team.
  • Support with onboarding of new suppliers as part of Project Management process and Supplier Risk Management policy, maintaining and reviewing third party questionnaires, collating responses, identifying gaps with baseline controls, and proposing recommendations where appropriate, keeping track of agreed remediation plans.
  • Maintain ISMS related policies, guidance, and procedures to include policy reviews, document management, version control, publications and communication using various methods.
  • Work with IT Security Operations and IT in general to ensure that baseline security processes are documented and followed in line with ISO27001 standards and regulatory requirements.
  • Work with various controls owners to support with audit readiness and reviews.
  • Generate monthly security metrics, dashboards and reporting for management review.
  • Advise IT on managing technical risks & issues through vulnerability management oversight and gap analysis, and ensure that findings are documented and assigned for remediation.
  • Oversight of DLP alerts to include reporting and recommendations to improve DLP policies with the aim of reducing risk of disclosure.
  • Work closely with staff across the firm to gather information on working practices to identify security risk and exposure and recommend steps to improve security posture and processes.
  • Keeping abreast of latest cyber related threats, trends, and opportunities.

Skills and Experience

Essential:

  • 5-7 years of experience in Information Security with a focus on governance, risk, and compliance,
  • Expertise conducting information security related audits such as ISO27001, NIST,
  • Experience in applying and implementing ISO related controls both technical and operational,
  • Understanding of general information security management principles and data protection,
  • Experience working within Information Security or IT Security, Data Protection,
  • Experience in working with Information Security training and awareness tools,
  • Ability to identify opportunities for improvement,
  • Logical thinker and creative problem solver,
  • Excellent written and verbal communication skills,
  • Self-motivated, proactive, and able to take responsibility,
  • Strong MS skills using MS Word, Excel, PowerPoint, and Outlook.

Desirable:

Experience in one or more of the following would also be advantageous:

  • Experience working in the legal sector or similar
  • Experience working with incident management tools such as Sunrise or Service Now
  • Understanding of the concepts of Cloud infrastructure and Cloud Security
  • General security-related qualification or certificates such as CISM, CISA, CISSP
  • Ability to use Visio, or similar tools
  • Experience updating intranet sites using SharePoint or similar platforms.

Education:

It would be beneficial to have:

  • Degree in any discipline or information security related qualification or certificates such as CISM, CISA, CISSP; ISO27001 Lead Implementer or Lead Auditor

Special aspects

  • Our office hours are 09.30 to 17.30 but it is essential that the applicant is committed, flexible and prepared to work beyond the normal office hours when necessary and in response to demand.
  • You will be expected to follow the firm’s agile working policy, which embraces home working but will require employees to spend a minimum number of days each week in the London office.
  • Overtime at weekends may be necessary from time-to-time in order to support project work or incident management.
  • We expect the successful applicant to bring the experience, commitment and passion to further define the job description and embed the principles of good IT Security in the culture of the firm.
  • Farrer & Co is an equal opportunities employer who welcomes applications from candidates from all backgrounds. We look to employ the best candidates regardless of age, gender, race, ethnicity, social or economic background, religion, disability, sexual orientation, national origin, or any other protected characteristic.
  • We are keen to ensure candidates have the best interview experience possible. If you require any adjustments during the interview or application process, please let the recruitment team know.

Comments

Farrer & Co conducts a pre-employment screening which consists of a Criminal History Background and Credit Check for successful candidates.