We are seeking a detail-oriented and experienced IT Security Controls & Reporting Analyst to join our IT Infrastructure and Security team.
The successful candidate will be responsible for engaging with client security audits, completing extensive cybersecurity questionnaires, leading third-party vendor assessments from a cybersecurity perspective, and maintaining technical documentation.
This role is crucial in ensuring our firm's compliance with security standards and maintaining the integrity of our IT systems.
Key Responsibilities:Client Security Audits: Engage with client security audits and ensure all cybersecurity requirements are met.
Complete extensive cybersecurity questionnaires accurately and in a timely manner.Vendor Assessments: In collaboration with the risk and compliance department, lead the cyber and information security assessments of 3rd party vendors, ensuring they meet our security standards.Policy: Develop and maintain security controls and policies to protect the firm's IT infrastructure.Performance Monitoring: Monitor and report on the effectiveness of security controls and recommend improvements.
Prepare and present security reports to management and clients.Collaboration: Collaborate with internal teams to address security vulnerabilities and implement corrective actions.Documentation: Create and maintain detailed documentation regarding cybersecurity controls.Continuous Learning: Stay up to date with the latest cybersecurity trends, threats, and best practices.Security Awareness: Assist in the development and implementation of security awareness training programs for staff.Support incident response activities and investigations as needed.ISO27001: Participate in the annual ISO 27001 certification process.Skills, Knowledge and Expertise:Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.2-3 years' experience in IT security, with a focus on security controls and reporting.Experience with regulatory compliance and audit processes.Experience with security risk assessments and mitigation strategies.Knowledge of third-party vendor risk management and assessment.Strong understanding of cybersecurity principles, frameworks, and best practices.Familiarity with security standards and regulations (e.g., ISO 27001, GDPR, HIPAA).Strong understanding and knowledge of cloud security principles and best practices, data protection and encryption technologies, network security, including firewalls, IDS/IPS, and VPNs, identity management.Preferred experience for the role: Experience working in a law firm or legal environment.Knowledge of legal industry-specific security requirements and challenges.Advanced certifications in cybersecurity or related fields.Experience with security incident response and management.Benefits:Market leading salaryDiscretionary annual bonus scheme25 days annual leave allowancePension schemeTaxSaver and Bike to Work schemeHealthcareFull gym and wellness programme
#J-18808-Ljbffr