Global Information Security Risk & Compliance Manager

Allen & Overy LLP
South East England
11 Sep 2019
09 Oct 2019
Contract Type
Full Time
Job description

We are currently recruiting for a Global Information Security Risk & Compliance Manager to join our IT team in either London or Belfast.

This role leads on all InfoSec risk and assurance related matters for the InfoSec, IT, and Client Audit teams.

Client InfoSec requirement compliance - In partnership with the Client Audit Team, manage the process by which our clients audit A&O's information security controls. Review changes in client requirements in order to verify A&O's capability to comply, or recommend investment cases to meet control gaps. Prepare for and attend client audit meetings / visits. Liaise directly with senior stakeholders when negotiating control changes. Manage the workload of a team of InfoSec assurance analysts in order to maintain the flow of client audit and remediation requests. Be the operational champion for process efficiency work and self-service projects in this space.
InfoSec framework maintenance and governance - Own the maintenance of the ISO27001 framework for the firm. Conduct the annual policy review & sign-off, and manage the process of external audit (at least 3 a year across multiple locations) on the framework. Prepare for and manage the ISO27001 governance meetings across the firm, bringing together senior stakeholders to review and challenge progress.
Technology risk process and the IT elements of annual financial audit - Lead the quarterly cycle of reviewing the IT Risk Register with senior management in IT. Manage the IT component of the annual external financial audit.
Global Security Champions community and InfoSec awareness materials - Lead regional security champions' knowledge sharing, training, and certification programmes. Make updates to the firm's annual InfoSec compliance training and new joiners' InfoSec awareness training as and when required.

Role and responsibilities

Business / IT Strategy

Support the CISO in clearly understanding risk across the IT and Shared Services functions.
Support the CISO and Security Architects in contributing to the selection of appropriate technology solutions to fulfil security & business requirements.
Support the CISO in developing and maintaining successful internal and external business relationships (at senior level) in order to understand existing and emerging InfoSec & Cyber risks.

Supplier Management

Maintain a broad understanding of how the organisation sources, deploys and manages external partners.
Support the CISO in ensuring that supplier performance is properly monitored and regularly reviewed as defined by the Supplier Management Framework.
Support the CISO in providing advice on policy and procedures covering the selection of suppliers, tendering and procurement.
Work closely with the Procurement team to ensure all areas of commercial negotiation are documented and adhere to the Supplier Management processes.

Risk Management

Operate the IT Risk Management framework for IT.
Coordinate and monitor the development of risk treatment plans.

Quality, Methods & Tools

Facilitate improvements to processes using industry best practices, typically using recognised frameworks such as ISO27001.
Support the CISO with the design and delivery of communication and training activities to update and refresh colleagues' knowledge on quality standards.
Take responsibility for the control, update and distribution of quality standards and advise on their use concerning InfoSec compliance.

Information Security

The role holder is expected to consider all aspects of IT Risk Management as well as Information Security Compliance and Assurance. A clear and demonstrable understanding of all aspects of Information Security is required, along with the ability to promote awareness and encourage compliance with Information Security principles.

Key requirements

Business Competencies

Ability to develop good working relationships across the firm and effectively share knowledge between individuals and teams to contribute to the overall effectiveness of project and service improvement work.
Commercial acumen including an understanding of the overall picture of how technology adds value to the business.
High level of personal credibility, impact and influence at all levels of the organisation.
Excellent communication and presentation skills, both oral and written.
Ability to manage ambiguity and often conflicting priorities.
Highly self-motivated self-starter who will undertake all activities to the highest professional standards.
Experience of working in a global environment with an appreciation of multiple cultures.


Detailed practical knowledge of Cyber Security, particularly with regard to IT network and general IT infrastructure.
Expected to have a solid understanding of all major technologies used in Cyber Security.
Knowledge of technology trends.
Knowledge and experience of working in ITIL environments.


Extensive experience of Information Security and Cyber security leadership.
Track record of managing small teams across multiple locations globally.
Technical background preferred, with a wide range of experience across multiple technical areas.
Proven experience of balancing technical, commercial and other issues to deliver business advantage.
Experience in contract specification and schedule production.
Experience of security and risk management.

Additional information - External

It's Time

Allen & Overy is a leading global law firm operating in over thirty countries. By turning our insight, technology and talent into ground-breaking solutions, we've earned a place at the forefront of our industry. Our lawyers are leaders in their field - and the same goes for our support teams. Ambitious, driven and open to fresh perspectives, we find innovative new ways to deliver our services and maintain our reputation for excellence, in all that we do.

The nature of law is changing, and with that change come unique opportunities. With our collaborative working culture, flexibility, and a commitment to your progress, we build rewarding careers. By joining our global team, you are supported by colleagues from around the world. If you're ready for a new challenge, it's time to seize the opportunity.