Bevan Brittan is a UK-Top 100 commercial law firm providing a
comprehensive range of legal services from offices in Birmingham,
Bristol, Leeds and London.
The firm advises businesses across construction, energy &
resource management, higher education and financial services,
complementing the firm's market leadership within housing, local
government and health & social care.
We currently employ over 600 people, including over 90 Partners, and
our award-winning teams provide construction, commercial, corporate,
property, regulatory, employment and litigation (commercial and
clinical negligence) legal advice.
Bevan Brittan is named among 'The Times Best Law Firms 2023' and has
recently either won or been shortlisted for a number of prestigious awards.
We are driven by our 4 values: Relationships, Results, Reputation and
Responsible. These give us a sense of purpose and ensure we always
work collaboratively with clients and colleagues, continually improve,
make the right choices and act with integrity.
Bevan Brittan is an equal opportunities employer and welcomes
applicants from all backgrounds.
The Role:
An Internal Audit Officer is required to support the expanding Risk
& Best Practice department, including the Director of Risk (DoR)
and the Information Security Manager (ISM) in the delivery of a
professional and first class risk and regulatory service to the firm.
Reporting to the ISM, the role will be based in our Bristol office
but will involve travel to the firm's other offices in London, Leeds
and Birmingham, and to offsite supplier locations as and when needed
in line with the audit programme and as directed by the ISM and the DoR.
Relevant knowledge and awareness will include:
Familiarity with core Microsoft applications (Outlook, Word,
Excel, Powerpoint, SharePoint)
Familiarity with cloud-based collaboration software such as HighQ
is an advantage
Good word processing skills, ability to touch type
Problem-solving skills
A strong understanding of risk management principles and the
ability to identify risks to an organisation.
A good understanding of ISO 27001 is an advantage, as is a broad
understanding of data protection
Ability to undertake all aspects of an Internal Audit Officer role including:
Planning for, and arranging the firm's annual ISO 9001, 27001 and
14001 external audits, liaising with the ISM and internal
stakeholders/auditees, to include:
Acting as a point of contact for external auditors and audit participants.
Arranging audit dates with the certification bodies.
Arranging meetings with internal stakeholders.
Dealing with invoicing and other associated administration.
Reporting on audit outcomes, including any non-conformities
(NC's) and opportunities for improvement (OFI's).
Ensuring that NC's and OFIs are picked up in the OFI log and
relevant remedial actions and dates agreed with stakeholders.
Monitoring changes to ISO audit standards and associated
guidance, and with the ISM, formulating plans to upgrade the
firm's integrated management system (ISMS, QMS and EMS) in line
with these.
In conjunction with the ISM and the DoR , planning and
administering the firm's programme of internal audits in support of
the firm's ISO certifications, Risk Register (ERR/ORR) risk
treatment decisions and/or any relevant client contractual
requirements, to include:
Liaising with external ISO consultants to obtain a gap analysis.
Utilising the gap analysis, plus ERR/ORR and client
requirements to formulate an internal audit plan.
Seeking input on the plan from ISO consultants and other key
stakeholders (including the Data Protection Officer and other
Risk & Best Practice team members).
Finalising and publicising the plan to internal stakeholders.
Thereafter administering the plan, to include:
Arranging internal audits conducted by ISO consultants and other
consultants as required.
Conducting internal audits assisted by the Risk & Best
Practice Assistant, within available resources.
Communicating audit findings to stakeholders, including any
remedial actions and associated deadlines.
Monitoring and follow up of audit findings, including the
maintenance of the Opportunities for Improvement (OFI) register and
ensuring that agreed audit recommendations are closed out in a
timely way.
Monitoring and reporting on any risks to fulfilment of the plan.
Monitoring and reporting to the ISM in relation to expenditure
against budget for the plan.
Updating the internal audit plan periodically in conjunction with
the ISM and the DoR, taking into account any new or changed risks on
the ERR/ORR, changes to existing certification standards, and any
new or prospective certifications (such as ISO 22301).
Providing periodic updates on progress against the plan, including
via Word and PowerPoint.
Organisation of internal training on internal audit, and
associated communications so as to promote a better understanding
within the firm of internal audit and the value it delivers to the business.
Updating policies and guidance on internal audit on the Know How
database, and updating relevant links on the intranet.
Dealing with miscellaneous queries including emails and phone
calls relating to internal audits and the internal audit plan.
Assisting in the file review process, to ensure that reviews are
completed fully and on time.
Skills and Experience Required:
Previous experience of working in an internal audit team an
advantage, but not essential. Likewise, a CIA (Certified Internal
Auditor) qualification (including ISO 27001 Certified ISMS Lead
Auditor) will be an advantage, but not essential.
Awareness of the key principles of Information Security and Best
Practice (including ISO 27001, 9001 or Lexcel) an advantage, but not essential.
Awareness of running an ISO 14001 compliant environmental
management system an advantage.
Ability to work in a careful, methodological way with excellent
attention to detail and personal organisation to ensure that issues
are followed through and closed out.
Good time management to effectively meet deadlines and complete
audits on schedule.
Ability to manage changing day-to-day work pressures and to
prioritise work appropriately (and reprioritise where urgent issues arise).
Ability to develop and build upon strong relationships with key
stakeholders in the legal teams and Business Services.
Excellent written and verbal, communication skills.
Good awareness and understanding of IT software systems,
specifically as they apply to professional service firms would be an advantage.
Strong communication skills, including oral communication, report
writing and presentation skills.
Ability to take ownership of tasks and projects and manage own
workload to meet deadlines, identifying any risks to agreed
deadlines and addressing these proactively.
Ability to deliver work of a high quality, whilst ensuring that
time allocated to particular tasks is proportionate.
Proactive, self-motivated and flexible approach, including:
positive, 'can-do' attitude
identifying when issues are urgent and should take priority
strong team player - supporting and helping others in the team
ability to work diplomatically, but effectively, with others
in order to meet the Risk & Best Practice team's objectives
In dealings with any external third parties, being an effective
ambassador and advocate for the firm, its culture and values.
Commitment to continuous learning and staying up-to-date with
relevant changes to the ISO standards and other key law/regulation
relevant to the role.
Work-life balance
Where possible, we want to offer all Bevan Brittan people flexibility
to work their week in a way that suits them - we operate a hybrid
working model based on the needs of our clients, teams and that of the
individual. Our core business hours are 9am - 5:15pm Monday to Friday,
however we are open to individuals working more flexibly around those
times and would welcome a conversation with you if you have any questions.
We offer a substantial benefits package to all employees including:
A minimum of 25 days holiday (plus the option to buy up to an
additional 5 days)
Discretionary bonus scheme
Generous pension scheme
Private medical insurance through Vitality
Biennial private health assessment through Nuffield Health
Life assurance
Access to Employee Assistance Programme
Cycle to work scheme
Responsible business
To us, being a responsible business is second nature; a core part of
Bevan Brittan's identity, running through our culture and embodied by
the clients we serve. We want to demonstrate our commitment to these
causes through actions rather than words; colleagues from across the
firm are already heavily involved, living and breathing the four
pillars of our Responsible Business strategy:
Community Engagement -Each lawyer has the
opportunity to undertake pro bono legal work for local charities and
not-for-profit organisations. We also play an active role through
our local office communities, in 2022 we fundraised and donated a
total of £80,000 to our four regional office charities, with each
charity receiving £20,000 to help fund their vital services.
Environmental Sustainability- Bevan Brittan is
proudly a carbon neutral firm. We have achieved the UN's Climate
Neutral Now accreditation and our environmental sustainability plan
is focused on achieving our net zero carbon target.
Equality, Diversity & Inclusion- We have a
strong and vibrant diversity programme that gives colleagues across
the firm an opportunity to take part, led by our Equality, Diversity
& Inclusion Committee and supported by our Ambassadors, who
drive engagement in our strategy and raise awareness across the firm.
Wellbeing -We are proud of our open culture, where
colleagues feel empowered to speak openly about physical and mental
health issues and to seek out support when needed. We have trained
21 colleagues across the firm as Mental Health First Aiders and
established a programme of initiatives including our informal
'coffee with' scheme.
Collectively, these four pillars ensure we look after our colleagues'
wellbeing; offer an environment in which all can progress on merit,
regardless of personal circumstances or background; give something
back to the communities in which we work; and protect the environment.
