Achieving success through the diversity of our people

We welcome applications from all talented professionals and will consider each applicant on their individual merits. Browse through our current opportunities to find your place at Norton Rose Fulbright and apply online.

< Back to jobs

Refer a friend Refer a friend Printer friendly Apply
Job Title Information Security Governance & Compliance Specialist
Work Type Full Time
Job Location Toronto
Practice Group/Department N/A
Role Business Services
Description

Information Security Governance & Compliance Specialist

The Team

The information security team reports to the global chief information security officer (CISO). The team works with unified principles and processes around the world while maintaining regional stakeholder relationships. High standards are achieved through the adherence to international best practice principles (ISO 27001) and continuous improvement methodologies.

The scope of the information security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm.

The Role

The information security governance & compliance specialist takes responsibility for overseeing responses to support the client bids and client audit process, and the third-party supplier assessment process. The role is a key part of assuring our clients on the technical security measures NRF has in place for protecting client data. Providing project support for other security functional areas may also be required on an ad hoc basis.

Key Responsibilities

  • Technical SME for all client bids and client audit responses. Ensure NRF responses to client questions are consistent and appropriate.
  • Lead support for client bids and client audits. This involves the co-ordination of completing complex questionnaires received from clients, often with tight deadlines.
  • Technical assessor for NRF's third-party party supplier onboarding process, to ensure all new suppliers are thoroughly evaluated, and comply with NRF information security requirements
  • Provide information security & IT product knowledge support, including:
    • Deep working knowledge of NRF global controls through liaising with regional IT teams
    • Being responsible for the upkeep of central response and evidence database
    • Continuous process improvements
  • Providing knowledge transfer to other governance & compliance analysts, when needed
  • Research and development of technology and processes to increase team efficiency and speed
  • Escalating appropriately, where policy compliance is not in place and tracking any remediation actions to completion.
  • Performing third-party party supplier risk assessments to ensure the protection of the firm and client data.
  • Remain current with developments in the Cyber domain.
  • Building relationships with key stakeholders to allow regular information sharing.
  • Achieving a balance between protecting the firm and ensuring that users can work effectively
  • Being pragmatic but cognisant of risk.

Skills and Experience Required

  • Education - an IT or information security qualification or 7+ years' experience in a similar role.
  • ISO 27001 qualification and / or experience.
  • Excellent communication skills, both written and oral. The ability to articulate complex information security controls to a business audience is essential.
  • Stakeholder management skills. Ability to build relationships with team members and peers across the organization is vital to the success of this role.
  • Experience working in large, matrix and geographically dispersed global organizations where IT and information security have played a key role in the business.
  • Proven ability and understanding of the role of client bids and client audits in business development and the effective management of third-party risk.
  • Experience in using governance, risk & compliance (GRC) tools. OneTrust GRC and BitSight platform experience is an advantage.
  • An ability to learn quickly, solve problems and pragmatically address risk.
  • Experience with creating reports, dashboards and metrics for presentation.
  • A relevant industry certification, such as CISSP, CISM, CRISC, CISA or similar, is an advantage.

Ready to join a proactive and modern firm that provides an exceptional career experience in an inclusive and collaborative environment? Come join us!

As a global law firm, we embrace a culture of excellence and working hard, but always with a focus on flexibility, respect, diversity and openness. We strive to create an equitable, inclusive environment where everyone can bring their whole self to work and realize their career potential.

To find out more about how we integrate diversity, equity and inclusion in everything we do please click https://www.nortonrosefulbright.com/en-ca/about/diversity-equity-and-inclusion.

If you are unable to apply for a position online or require any reasonable adjustments during the recruiting process, please contact TORHR_RH@nortonrosefulbright.com to further discuss your needs.

Please note that applicants who receive an employment offer may be required during their employment with Norton Rose Fulbright to provide proof of vaccinations recommended from time to time by government or public health authorities. Norton Rose Fulbright has a duty to accommodate those who are unable to get vaccinated due to protected grounds. For applicants who require an accommodation, please contact TORHR_RH@nortonrosefulbright.com to discuss further.

We thank all candidates for their applications, but please note that we will be contacting only those whom we invite for an interview.

#LI-Hybrid

Law around the world
nortonrosefulbright.com
Refer a friend Refer a friend Printer friendly Apply