Information Security Governance & Compliance Manager
Our leading law firm client are looking to recruit an Information Security Governance & Compliance Manager on a permanent basis to maintain the ISO27001 Information Security Management System across all regions and offices, including coordinating and maintaining information security activities, reviewing policies and procedures, monitoring/managing common threats and proactively responding to security incidents.
As the firms Information Security Governance & Compliance Manager you will communicate with senior management across all regions, liaising with internal teams, working with third parties and development of the firm's security capabilities to meet the changing needs of clients. You will help to ensure that the firm retains its Cyber Essentials Plus certification to meet with the requirements of our UK government clients.
You will work with the Chief Information Security Officer to maintain the supplier management system to ensure that all global suppliers are audited for security compliance.
The key responsabilites for this Information Security Governance & Compliance Manager opportunity are:
- Manage the gloal ISO27001 programme
- Verify the firms monitoring tools are meeting the ISMS objectives and alert the necessary individuals if they are not.
- Create and maintain necessary documentation, flag with the CISO for review where relevant.
- Ensure security metrics are appropriate for ISO27001
- Undertake regular checks as set by the CISO
- Assist the CISO with the supplier review process and provide support to local teams
- Understand business objectives and support development of budget for information security objectives
- Develop, maintain and publish security policies and procedures
- Develop and maintain the security compliance program
- Provide support to local offices to update and maintain country specific ISO documentation
- Co-ordinate external audits, working with relevant internal and external parties.
- Ensure Business Continuity testing is undertaken in each global office
- Ensure the results of all tests and audits are followed up and monitored.
- Coordinate and maintain the management review process
The successful candidate will have:
- CISM or MSc InfoSec/Cyber Security qualified an advantage
- Proven ability to work both as part of a team and individually
- Team player with flexible "can-do" attitude
- Good communicator at all levels within an organisation and with international colleagues
- Strong attention to detail
- Good organisation skills
- Awareness of need to keep other team members informed and involved in projects
- Excellent written and spoken English
- Second language an advantage
- Thorough experience of ISO27001 Management Systems is a requirement
- Understanding and experience of IT systems & information security technical controls
- Legal or Professional Services experience an advantag