We are seeking a detail-oriented and experienced IT Security Controls & Reporting Analyst to join our IT Infrastructure and Security team.
The successful candidate will be responsible for engaging with client security audits, completing extensive cybersecurity questionnaires, leading third-party vendor assessments from a cybersecurity perspective, and maintaining technical documentation.
This role is crucial in ensuring our firm’s compliance with security standards and maintaining the integrity of our IT systems.
Key Responsibilities:
* Client Security Audits: Engage with client security audits and ensure all cybersecurity requirements are met. Complete extensive cybersecurity questionnaires accurately and in a timely manner.
* Vendor Assessments: In collaboration with the risk and compliance department, lead the cyber and information security assessments of 3rd party vendors, ensuring they meet our security standards.
* Policy: Develop and maintain security controls and policies to protect the firm’s IT infrastructure.
* Performance Monitoring: Monitor and report on the effectiveness of security controls and recommend improvements. Prepare and present security reports to management and clients.
* Collaboration: Collaborate with internal teams to address security vulnerabilities and implement corrective actions.
* Documentation: Create and maintain detailed documentation regarding cybersecurity controls.
* Continuous Learning: Stay up to date with the latest cybersecurity trends, threats, and best practices.
* Security Awareness: Assist in the development and implementation of security awareness training programs for staff.
* Support incident response activities and investigations as needed.
* ISO27001: Participate in the annual ISO 27001 certification process.
Skills, Knowledge and Expertise:
* Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
* 2-3 years’ experience in IT security, with a focus on security controls and reporting.
* Experience with regulatory compliance and audit processes.
* Experience with security risk assessments and mitigation strategies.
* Knowledge of third-party vendor risk management and assessment.
* Strong understanding of cybersecurity principles, frameworks, and best practices.
* Familiarity with security standards and regulations (e.g., ISO 27001, GDPR, HIPAA).
* Strong understanding and knowledge of cloud security principles and best practices, data protection and encryption technologies, network security, including firewalls, IDS/IPS, and VPNs, identity management.
Preferred experience for the role:
* Experience working in a law firm or legal environment.
* Knowledge of legal industry-specific security requirements and challenges.
* Advanced certifications in cybersecurity or related fields.
* Experience with security incident response and management.
Benefits:
* Market leading salary
* Discretionary annual bonus scheme
* 25 days annual leave allowance
* Pension scheme
* TaxSaver and Bike to Work scheme
* Healthcare
* Full gym and wellness programme
#J-18808-Ljbffr