The mission of the firm's Information Security and Risk team is to establish a secure risk-managed environment that protects the confidentiality, integrity and availability of information used by the business. The successful candidate will be primarily supporting the teams' mission by focusing on Client related security governance, due diligence and risk mitigation activities. The role will require the candidate to work as part of the team responding to client driven information security questions, due diligence, and audit requests in a timely manner. The role requires a broad working knowledge of information security standards, information security best practices, information security policy, risk management processes, and have good organisational, writing skills and an attention to detail. The role must be sensitive to the nature of Client communication and interactions, and the business context to the requests made of the team. The individual must be self-motivated and feel comfortable working with other members of the IT team to deliver high quality responses in a timely manner.

Key Responsibilities

Information Security Specialist

• Supports vendor and supplier risk management programmes, including vendor/supplier due diligence assessments
• Review proposed Client engagement contracts and SLAs to identify implications of contractual language and SLAs regarding information security and expectations on IT services
• Identifies emerging Client implications and requirements for consideration into the firm's information security frameworks, strategy, roadmap, policies, and IT initiative roadmap
• Facilitates discussions within IT to ensure InfoSec strategy addresses critical risks while aligning with client needs.
• Completes client due diligence questionnaires and audit requests working to Client orientated deadline
• Supports the firms Business Development activities regarding bid responses.
• Facilitates qualitative improvements in working practices
• Stays abreast of industry, regulatory and company changes and trends as they relate to the legal industry, information management, InfoSec, technological standards, and trends as they apply to IT efficiencies
• Assesses and recommends information security, governance, risk management, and compliance tools, services and working practices that reflect emerging Client expectations that best meet, develop, and improve the firm's current and future information security environment

IS Security Governance

• Maintains repository of standard information security responses for client assessments, client RFPs, etc
• Works with various stakeholders to ensure accurate, timely and consistent responses to client information security and risk control assessments
• Understands the team's role in advising and consulting with the IT department to manage security with a Client focus
• Scopes externally conducted information security and risk audit, assessment, and advisory services, and delivers a Clyde & Co Client Security Handbook that reflects the security posture and capabilities supporting the protection of Client information

Information and Technology Risk Program

• Facilitates/establishes and reports on monthly metrics and Key Risk Indicators relating to Client/Vendor risks
• Leads, plans, or assists, audits for assigned areas.
• Identifies and understands complex risks from a business perspective.

Education

Bachelor's Degree in Computer Science, Information Security, Information Technology, or other technical discipline degree desired; relevant education and experience in other disciplines are also considered.

Clyde & Co shifted to virtual work for the majority of our lawyers and business services team with the global outbreak of Covid-19. This precaution was taken to help protect our people, clients and communities. It is likely that this role will start virtually while the firm continues to evaluate the situation.

Clyde & Co US LLP is committed to protecting the health and well-being of our employees and partners, their families, and members of our community against COVID-19. Accordingly, we require all partners and employees based in the United States to be fully vaccinated against COVID-19 to enter the Firm's office, unless they have been granted a reasonable accommodation based on documented medical or religious grounds. Offers of employment will be conditioned upon applicants presenting proof of full COVID-19 vaccination unless exempted by the firm based on medical or religious grounds.

-Principals Only-

We offer a rewarding work environment that supports professional growth and opportunities. We value diversity in our work place and it is the policy of the Firm to recruit, hire, promote, reassign, compensate and train highly qualified persons without regard to race, color, sex, sexual orientation, gender identity or expression, religion, national origin, age, disability or any other basis protected by applicable law.

CLYDE & CO PRIVACY NOTICE: https://www.clydeco.com/help/privacy