Achieving success through the diversity of our people
We welcome applications from all talented professionals and will consider each applicant on their individual merits. Browse through our current opportunities to find your place at Norton Rose Fulbright and apply online.
Not currently receiving applications. For agency users and internal applicant, please login, or register.
Job Title
Senior Information Security Analyst
Work Type
Full Time
Job Location
Brisbane
Practice Group/Department
Information Technology
Role
Business Services
Description
Norton Rose Fulbright is a global legal practice. We
provide the world's pre-eminent corporations and financial
institutions with a full business law service. We have more than
4000 lawyers based in over 58 offices across Europe, the United
States, Canada, Latin America, Asia, Australia, Africa, the Middle
East and Central Asia.
The Role
The Senior Information Security Analyst is one of
several such Analyst roles in the firm. Each Analyst is responsible
for assisting with the day to day operation of CISO office tasks.
Analysts are also encouraged to participate in proactively
identifying sources of vulnerability and threat.
The role will be part of a worldwide team that is
empowered to operate the activities within their assigned function.
Daily activities will focus heavily on request, event and incident
management and direction will be provided by the Information
Security Manager.
Norton Rose Fulbright is committed to the professional
development of its staff. There will be significant development
opportunities for the Senior Information Security Analyst role, both
through on-the-job learning and targeted training. The CISO team
also embrace a mentoring and meritocratic approach.
The success of this role is dependent upon building a
lasting alignment between information security provisions and
business requirements. In particular, the role must consider:
The special requirements of the Firm with regard to
client confidentiality, as well as regulatory requirements such as
data protection.
Achieving a balance between protecting the firm and
ensuring that users can work effectively; being pragmatic but
cognizant of risk.
The Analyst can be based in either our Brisbane, Sydney
or Melbourne office.
Key Objectives:
Ensure that the Firm has the requisite capability to
investigate, prevent and remediate against security breaches,
viruses and deviations from security procedures.
Act as a technical expert in the security field with
a solid understanding of Norton Rose Fulbright's Information
Security infrastructure and act as its champion in relation to
Information Security.
Assist with Information Security monitoring and act
as a technical point of escalation for any alerted issues.
Manage the global Information Security incident /
request queue.
Assist with a program of educational, procedural and
technical improvements aligned with the Information Security
Management System.
Assist with the management of technical controls
defined within the Information Security Management System.
Responsibilities include, but are not
limited to:
Act as a champion for Information Security best
practice and policies.
Act as an intermediate escalation point and technical
mentor for other members of the analyst team.
Operate and manage security incidents and requests to
SLA guidelines.
Review, action, and escalate, any unusual event
behaviour identified.
Assist with development and maintenance of the
Firm-wide security infrastructure configuration, policies and
procedures, identifying improvements to procedures, and reporting
on incidents.
Actively promote security governance in support of
the Information Security policies, to ensure appropriate measures
are taken to secure the Firm's confidentiality and integrity
Encourage cooperative working with all business
functions to achieve shared goals,ensuring skills transfer and technical security
awareness within the teams. This includes writing process
documents and conducting training.
Work cooperatively with project teams to ensure that
new project and changes adhere to Information Security policies
and governance standards.Identify threats and vulnerabilities.
Identify threats and vulnerabilities.
Keep a technical industry awareness of security risks
and exposures and proactively promote effective counter-measures.
Configure appropriate security parameters in
monitoring systems and act as a technical point of escalation for
any alerted issues.
Perform document reviews and privileged account reviews.
Experience / Skills:
At least 3 years' experience working within Information Security infrastructure or vocation to
move from another technical discipline.
Experience of participating in resolving technical issues.
Experience of introducing Information Security
improvement through effective deployment of technology and / or
processes to move to a proactive footing in security management or
demonstrating similar in current technical discipline.
Ability to triage and remediate phishing and
impersonation attacks in a timely and efficient manner as the risk dictates.
Experience working with a service management tool.
Working knowledge of Microsoft 365 Defender and
Microsoft Entra ID to investigate risky sign-in/user alerts,
quarantined files/emails.
Working knowledge of Microsoft Sentinel, Purview and Intune.
Working knowledge of endpoint security solutions and
security infrastructure including EDR, vulnerability management
tools, DLP solutions and removable media encryption.
Working knowledge of cloud based web and email
filtering solutions such as Forcepoint, Zscaler, Mimecast,
Proofpoint.
A solid understanding of next gen firewalls, IDS/IPS,
SIEM and networking experience is desirable.
An ability to learn quickly, solve problems and
pragmatically address risk. Technical bachelor's degree or
equivalent IT / Information Security experience (preferred).
Security-related certification e.g. CompTIA
Security+, GSEC (preferred)
Good understanding of security frameworks such as ISO
27001, NIST, Mitre (preferred).
Personal Attributes:
Keen sense of responsibility, ability to set a
professional example and desire to adhere to defined security practices.
Strong technical security understanding.
Self-motivated and able to work calmly and
methodically under pressure.
Excellent interpersonal skills, exceptional levels of
personal integrity and the ability to communicate clearly at all
levels through reports, presentations and forming effective
matrixed relationships.
Flexible approach to incorporate changing priorities.
Cooperative, service-orientated, individual and
established team worker, comfortable working in a geographically
dispersed team.
Good judgement when it comes to confidentiality and
sensitivity of information of which they may become aware through
the course of their duties.
Adaptable and keen to learn new skills.
The Team:
The scope of the Information Security function includes
all strategic security planning and control oversight to ensure
effective risk mitigation takes place within the firm. The
Information Security team operates a number of security solutions
directly, such as anti-malware solutions, Internet security proxy
servers, and the vulnerability scanning platform, and rely on other
departments (IT service delivery, HR, Facilities) to operate all
other security controls.
The Information Security team is responsible for
ensuring the overall effectiveness of the control framework and
managing security incidents. The team work with unified principles
and processes around the world while maintaining regional
stakeholder relationships. They adhere to the international standard
ISO 27001, and report to the Firm's CISO.