Home / Careers
Back to vacancies

Printer friendly Apply
Job Title Information Security Analyst
Closing Date 09-Jun-2024
Department IT
Job Location Bristol; London
Role Business Services
Description

Award winning law firm Osborne Clarke are looking for an Information Security Analyst to join their growing Information Security team in in our London or Bristol office. This is a permanent role offering hybrid working.

The role of the Information Security Analyst is committed to maintaining the highest level of data security and protecting our systems from threats. As part of our ongoing efforts to enhance our information security posture, we are seeking a skilled and motivated Information Security Analyst to join our team.

Osborne Clarke

Osborne Clarke is a future-focused international legal practice with over 300 Partners and more than 1,080 talented lawyers in 26 offices around the world*. Our three-dimensional approach to client service combines legal expertise, in-depth understanding of our clients and the sectors they operate in, together with insight into the global issues that are transforming the landscape of how we live, work and do business: Decarbonisation, Digitalisation and Urban Dynamics. Looking around corners to help our clients solve legal and business challenges, big and small, and harness the opportunities of change - together we'll be ready for what's next.

We love working closely with our clients on new deals, products and solutions which will transform their businesses, markets and even sectors. And our unique approachable culture is not an added extra, it's fundamental to our success.

Job description:

As an Information Security Analyst, you will play a crucial role in safeguarding our organisation's assets from potential threats. You will be responsible for raising awareness with colleagues, assessing risks, implementing controls, and ensuring compliance with industry standards and best practices.

Key responsibilities include:

  • Developing, maintaining and publishing ISMS documentation (processes, procedures and guidelines), ensuring overall governance and continual improvement of information security controls.
  • Maintaining conformance with ISO 27001, including adaptation of the ISMS to meet evolved structure and requirements of ISO 27002:2022, and other applicable standards.
  • Helping expand the scope of ISO 27001 certification to include other international entities of the firm, especially with local processes, risks, controls, internal and external audits and management review
  • Stay up to date with the latest trends, technologies, and regulatory requirements. Maintain and share awareness of security industry trends including evaluation of new and emerging security technologies and make recommendations to stakeholders
  • Continuing to enhance the firms security culture through awareness programmes and training
  • Working with departments and systems across the business to conduct security risk assessments and carry out treatment plans.
  • Planning and performing periodic internal audits and compliance activities, supporting internal or external security audit processes, defining and implementing any required remediation activities.
  • Assisting with investigation and triage of any security incidents or issues reported, including use of monitoring activities, scanning/test tools and results to determine potential weaknesses, threat patterns, and trends.
  • Ensuring resolution, root cause analysis and coordination of remediation activities to ensure effective tracking to closure of potential security breaches, attacks or policy violations.
  • Help respond to customer requests for information security compliance, controls and contractual measures.
  • Prepare and present reports on security incidents, risks, and mitigation strategies to management and stakeholders.
  • Carry out supplier due diligence, monitoring and regular review of performance, including supplier audits.

What we're looking for:

The successful candidate will need to have proven experience in a similar role and professional certification in Information Security (e.g. CISSP, CISMP, Lead ISMS Implementer or Auditor). You'll also need to demonstrate the following:

General

  • Strong interpersonal and communication skills (spoken, written and presentation) able to work with, influence and educate people at all levels
  • Broad ranging consultancy skills (problem solving, change management, influencing, communication, research and data collection and analysis, process mapping, creative thinking, negotiation)
  • Credible and effective thinker and planner, with good understanding of the firm's goals and objectives
  • Excellent attention to detail in terms of task planning, execution and communication
  • Ability to present ideas in business-friendly and user-friendly language across multiple geographies
  • Highly organised and outcome focussed
  • Proactive in the face of challenges, keen to enjoy work and make an effective contribution
  • Able to effectively prioritise and execute tasks within a fast-paced environment
  • Excellent analytical and problem solving skills.
  • Strong communication and collaboration abilities.

Technical

  • Trained as an auditor in ISO management systems, ideally ISO 27001 but relevant others also considered.
  • Strong knowledge of certifications and standards such as ISO 27001, Cyber Essentials (plus), ISO 22301 and/or NIST controls
  • Good awareness of IT security measures, best practices and industry standards.
  • Experience with incident response procedures and tools.
  • Good understanding of cyber security and technology
  • Knowledge of cloud security or services, especially Azure
  • Knowledge of Office 365
  • Practical and/or theoretical knowledge of security protocols and tools such as ZScaler

Salary and benefits

We offer competitive salaries and generous benefits

For more information or to apply

We would very much welcome your application using the link provided. Should you have any questions about the role, or would like to find out more about the firm, please contact Dan Jones or Tim Jenkins at dan.jones@osborneclarke.com / tim.jenkins@osborneclarke.com

At Osborne Clarke we value difference and encourage applicants from all social backgrounds, ethnicities, disabilities, gender identities, and sexual or romantic orientations. We want everyone to feel that OC is a place where you can be yourself and where you belong, and our range of interest groups and diversity networks - not to mention our great teams - are a part of making that a reality.

Being an inclusive employer is important to us and we are committed to ensuring every applicant's recruitment experience is free from unnecessary barriers. We have made a number of external commitments such as the Race Fairness Commitment and Women in Law Pledge, and are working with organisations like Stonewall to become a more inclusive employer. We want you to be able to show us your best during the recruitment process. If you require any adjustments to be made during the application, interview process or when working with us, please let us know.

We support working families via a range of family and caring friendly policies and will accommodate flexible working where we can. We value the health and wellbeing of our people: for example, we're signatories to the Mindful Business Charter, have an active network of mental health champions and offer free initiatives and flexible benefits to all our people.

Although we include closing dates for our roles as a guide, we review and progress applications on a rolling basis.

*Services in India are provided by a relationship firm
Printer friendly Apply