The Opportunity
An exciting opportunity within the General Counsel & Risk team as part of our global Information Security team.
The individual will work closely with the UK, Australia and US-based teams in the following primary areas of responsibility, focusing on the UK and EMEA offices.
Providing assurance to external stakeholders
* Client information requests (security questionnaires, contract terms etc.)
* External certification audits
* Client site audits
Supporting the maintenance of the Firm's ISO 27001 certification, in particular:
* Preparing new and existing business units for certification/audit.
* Collating metrics in support of governance and continual improvement.
* Risk assessing new ways of working, alongside the Risk and IT teams.
* Assessing compliance with client-specific security requirements within the legal teams.
* Managing the ISMS tools, documentation and trackers.
* Supporting internal security audit activities.
Operational Security Oversight
* Investigate and manage DLP alerts and user behaviour anomalies, escalating as needed.
* Support incident response for phishing, impersonation scams, and other security events.
* Assist with API integration projects to enhance security workflows (e.g., ServiceNow integrations).
Security Awareness & Education
* Deliver and monitor phishing simulation campaigns, producing reports and insights.
* Contribute to security communications and awareness programs across the firm.
Strategic Initiatives
* Participate in onboarding new security technologies such as Data Security Posture Management (DSPM).
* Engage with AI Risk and Governance discussions to support emerging technology adoption.
Stakeholder Collaboration
* Build strong relationships with IT, Risk, HR, and legal teams to embed security into business processes.
* Provide practical security advice to internal stakeholders.
Please note that this role is concerned with the governance, risk and compliance elements of general information security. It is not a technical IT/Cyber Security role, although a strong appreciation of IT and IT/Cyber Security concepts is required for this role to be successful.
Qualifications / Skills / Experience
* Degree educated (technical degree or similar).
* We would expect the successful candidate to have around three years' experience in information security but may consider those with less experience providing they can demonstrate they meet the required competencies.
* Strong knowledge of ISO 27001 implementation and certification.
* Power BI analytics and reporting.
* One or more of the following is desired: MSc in security or similar; CISSP; CISA/CISM; ISO 27001 Lead Auditor.
* Professional Services experience preferable.
* Adaptable, diligent and works with initiative.
* Strong relationship builder - internal and external.
* Familiarity with security tools and systems would be advantageous (e.g., Email DLP, UEBA, phishing simulation).
* Experience working as part of a global team.
Team
General Counsel and Risk
Working Pattern
Full time
Location
London
Contract type
Permanent Contract
Diversity & Inclusion
We are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our Values: Human, Bold, and Outstanding.