Information Security Analyst (12 Month FTC)

Role profile

Award winning law firm Osborne Clarke are looking for an Information Security Analyst to join our Information Security team on a 12 ‑ month fixed ‑ term contract to cover maternity leave. The role is based in our Bristol office and offers hybrid working.

The role of the Information Security Analyst is committed to maintaining the highest level of data security and protecting our systems, with a primary focus on governance, audit and compliance across our Information Security Management System (ISMS).

Job description

As an Information Security Analyst, you will play a crucial role in safeguarding our organisation's assets, with a strong emphasis on ISO 27001 governance, control assurance and certification activities. You will be responsible for raising awareness with colleagues, assessing risks, implementing and auditing controls, and ensuring compliance with industry standards and best practices.

Key responsibilities include

• Developing, maintaining and publishing ISMS documentation (processes, procedures and guidelines), ensuring overall governance and continual improvement of information security controls.
• Maintaining conformance with ISO 27001:2022, and other applicable standards.
• Planning, performing and reporting on periodic internal audits and compliance activities, supporting internal or external security audit processes, defining and implementing any required remediation activities.
• Helping expand the scope of ISO 27001 certification to include other international entities of the firm, aligning local processes, risk assessments, controls maturity, and supporting internal and external audits and management review
• Stay up to date with the latest trends, technologies, and regulatory requirements. Maintain and share awareness of security industry trends including evaluation of new and emerging security technologies and make recommendations to stakeholders
• Working with departments and systems across the business to conduct security risk assessments and document treatment plans.
• Assisting with investigation and triage of any security incidents or issues where they relate to control effectiveness, policy compliance and corrective/preventive actions. Help respond to client requests for information security requests, questionnaires and contractual control requirements, ensuring timely, accurate and consistent responses.
• Prepare and present reports on security incidents, risks, and mitigation strategies to management and stakeholders.
• Carry out supplier due diligence, monitoring and regular review of performance, including supplier audits.
• Continuing to enhance the firms security culture through awareness programmes and training, aligned to audit/compliance observations.

What we're looking for

The successful candidate will need to have proven experience in a similar role and/or professional certification in Information Security (e.g. CISSP, CISMP, Lead ISMS Implementer or Auditor). You'll also need to demonstrate the following:

Technical

• Trained as an auditor in ISO management systems, ideally ISO 27001 but relevant others also considered.
• Strong knowledge of certifications and standards such as ISO 27001, Cyber Essentials (plus), ISO 22301 and/or NIST controls
• Good awareness of IT security measures, best practices and industry standards.
• Good understanding of cyber security and technology
• Knowledge of cloud security or services, especial ly Azure
• Knowledge of Office 365
• Practical and/or theoretical knowledge of security protocols and tools

General

• Strong interpersonal, communication and collaboration skills (spoken, written and presentation) able to work with, influence and educate people at all levels
• Broad ranging consultancy skills (problem solving, change management, influencing, communication, research and data collection and analysis, process mapping, creative thinking, negotiation)
• Credible and effective thinker and planner, with good understanding of the firm's goals and objectives
• Excellent attention to detail in terms of task planning, execution, documentation and communication
• Ability to present ideas in business-friendly and user-friendly language across multiple geographies
• Highly organised and outcome focussed, with strength in prioritising and delivering to audit cycles and deadlines.
• Proactive in the face of challenges, keen to enjoy work and make an effective and collaborative contribution
• Excellent analytical and problem solving skills.

Salary and benefits

We offer competitive salaries and generous benefits. We value the health and wellbeing of our people and our wide range of initiatives and benefits support this.

Our recruitment process

Please note that although we include closing dates for our roles as a guide, we review and progress applications on a rolling basis. At Osborne Clarke we do not make any recruitment decisions using automated decision-making.

We are committed to providing an environment where you can perform to the best of your abilities at every stage of your recruitment experience and beyond. If you require any adjustments to be made during the application stage, interview process, or when working with us, please let us know in confidence.

About Us

Osborne Clarke is an international legal practice with over 330 Partners and more than 1,260 talented lawyers in 26 locations*. Our sector-based approach enables us to help our clients tackle the issues they are facing today, and prepare for the ones that they will face tomorrow. Advising them both comprehensively and commercially. We love working closely with our clients on new deals, products and solutions which will transform their businesses, markets and even sectors. And our unique approachable culture is not an added extra, it's fundamental to our success.

At Osborne Clarke we value difference and encourage applicants from all backgrounds. We want everyone to feel that OC is a place where you can be yourself and belong, and our range of interest groups and diversity networks - not to mention our great teams - are a part of making that a reality.

*Services in India are provided by a relationship firm