Information Security Officer

Gowling WLG
03 Jul 2017
25 Jul 2017
Contract Type
About Gowling WLG

Gowling WLG is a new international law firm created by Gowlings, a leading Canadian law firm, and Wragge Lawrence Graham & Co (WLG), a leading UK-based international law firm. We built Gowling WLG to provide clients with legal services at home and around the world, and to help you succeed no matter how challenging the circumstances.

Gowling WLG clients have access to in-depth expertise in key global sectors along with a top-tier suite of legal services. With more than 1,400 legal professionals across offices in 18 cities worldwide and specialised expertise in countries around the globe, we're positioned to help clients rise to the challenges they face - both today and tomorrow.

Main Purpose of the Job

Manage, maintain and monitor the Information Security Management System (ISMS). Embed a culture of information security within the firm, with a focus on security by design.

Main Duties and Responsibilities

Provide subject matter expertise to the business in the area of Information Security

Lead in the development of information security policies, procedures and standards in line with business needs, assist the Service Delivery teams in enforcing the agreed policies and audit the adherence to those policies in line with agreed KPIs and SLAs

Manage and maintain security awareness campaigns for staff to enhance the security culture and develop a general understanding of their responsibilities.

Monitor and ensure compliance with security standards such as ISO 27001.

Carry out Information security related audits and 3rd party supplier audits, analyse results from third party security questionnaires and audits, identify the risks within those results and publish within the ISMS

Manage identification and rectification of security incidents, reporting progress and providing expertise in response to emerging threats

Advise management on how to meet any information security requirements, and on any changes to information security regulations/compliance.

Manage and drive the business to respond accurately and appropriately to due diligence questionnaires and external audits.

Act as an initial escalation point within the BIS department to respond to Information Security questionnaires

Develop a knowledge base and FAQ section for Information Security

Develop, maintain and publish a security information pack to be distributed to selected clients on request or as part of the client on-boarding process

Carry out information risk assessments in line with ISO 27001 and maintain the results within the ISMS

Comply with the Integrated Management System (IMS) to ensurealignment and adherence to common document format, communications, testing and review.

Liaise with clients/potential clients in relation to their information security requirements.

Improve the process (including automation) of client security audits.

Help drive a security culture within the BIS team through regular educational sessions, being a champion for how good information security is a business enabler rather than a blocker

Support the BIS Leadership team to embed Information Security into the overall Enterprise Architecture

Involvement in the budget setting process and building business cases for investment in tools that may improve the security posture of the firm

Monitor suppliers for performance to targets and deliverables to ensure that any projects remain on budget

Key skills and experience

Strong working knowledge of ISO 27001 and the ability to carry out information security audits.

Understanding of Compliance, Risk and working in a controlled environment.

Experience in information security management and control in a professional services context.

Experience in information security policy development and audit.

General understanding of Enterprise Architecture in a security context

Good understanding of newly emerging IT technologies and architectures in a corporate environment.

Ability to understand the business requirement and apply a security framework the fits with our risk appetite and the overall Enterprise Risk Management Programme

Ability to produce management reports that help drive actionable decisions

An underlying technical background, with a good understanding of general technology landscape

Experience of public cloud architecture and how to deliver secure solutions utilising "as-a-service" type delivery models

Ability to communicate complex messages in a clear, concise manor to all audiences

Ability to cultivate and nurture relationships across BIS and the Firm

Equal Opportunities

Gowling WLG is committed both to promoting equality and diversity in the firm and to Equal Opportunities in employment. The firm believes in equality of opportunity regardless of race or racial group (including colour, nationality, ethnicity, national origins), religion, caste or belief, age, disability, gender, gender identity, gender reassignment, sexual orientation, marriage and civil partnerships, surrogacy, adoption and parental rights. This also includes any incidents of perceptive or associative discrimination and harassment.