Overview
An exciting opportunity within the General Counsel & Risk team as part of our global Information Security team.
The individual will work closely with the UK, Australia and US-based teams in the following primary areas of responsibility, focusing on the UK and EMEA offices:
Responsibilities
* Providing assurance to external stakeholders, including:
* Supporting the maintenance of the Firms ISO 27001 certification, in particular:
* Preparing new and existing business units for certification/audit.
* Collating metrics in support of governance and continual improvement.
* Risk assessing new ways of working, alongside the Risk and IT teams.
* Assessing compliance with client-specific security requirements within the legal teams.
* Managing the ISMS tools, documentation and trackers.
* Supporting internal security audit activities.
* Operational Security Oversight
* Investigate and manage DLP alerts and user behaviour anomalies, escalating as needed.
* Support incident response for phishing, impersonation scams, and other security events.
* Assist with API integration projects to enhance security workflows (e.g., ServiceNow integrations).
* Security Awareness & Education
* Deliver and monitor phishing simulation campaigns, producing reports and insights.
* Contribute to security communications and awareness programs across the firm.
* Strategic Initiatives
* Participate in onboarding new security technologies such as Data Security Posture Management (DSPM).
* Engage with AI Risk and Governance discussions to support emerging technology adoption.
* Stakeholder Collaboration
* Build strong relationships with IT, Risk, HR, and legal teams to embed security into business processes
* Provide practical security advice to internal stakeholders.
Qualifications / Skills / Experience
* Degree educated (technical degree or similar).
* We would expect the successful candidate to have around three years\ experience in information security but may consider those with less experience providing they can demonstrate they meet the required competencies.
* Strong knowledge of ISO 27001 implementation and certification.
* Power BI analytics and reporting.
* One or more of the following desired - MSc in security or similar; CISSP; CISA/CISM; ISO 27001 Lead Auditor.
* Professional Services experience preferable.
* Adaptable, diligent and works with initiative.
* Strong relationship builder - internal and external.
* Familiarity with security tools and systems would be advantageous (e.g., Email DLP, UEBA, phishing simulation).
* Experience working as part of a global team.
J-18808-Ljbffr