Information Security Officer

Walker Morris LLP

Job Location:

Leeds - UK

Monthly Salary: Not Disclosed
Posted on: 22 hours ago
Vacancies: 1 Vacancy

Job Summary

Overview

We are seeking an experienced Information Security Officer to own and further develop the firm's information security governance, risk and compliance framework. Building on an established ISO 27001-certified environment, this role offers genuine scope to streamline, refine and enhance existing approaches, allowing you to put your own stamp on how information security operates within a modern law firm. Working closely with the wider IT team and Risk and Compliance, you will act as a trusted adviser to senior stakeholders, embedding practical risk-based security into day-to-day business activities.

You will oversee information security risk management, client and regulatory assurance, supplier security and security awareness across the firm. This is a role with real autonomy and is ideal for someone who enjoys ownership, influence and the opportunity to shape and grow a function as the firm continues to evolve.

As the Information Security Officer you will:

Governance & Policy

  • Own and maintain the firm's information security governance framework, ensuring it remains current, risk-based and aligned to business strategy.
  • Define, draft and maintain information security policies, standards and procedures, ensuring they are clear, proportionate and practical for a modern law firm.
  • Ensure policies and standards are regularly reviewed, approved through appropriate governance and effectively communicated across the firm.
  • Provide authoritative guidance on information security matters, acting as a trusted adviser to senior stakeholders and the wider business.
  • Embed security-by-design principles into business processes, projects and decision

Compliance & Assurance

  • Own and operate the firm's Information Security Management System (ISMS) in line with ISO 27001 / ISO 27002.
  • Lead preparation for, and ongoing compliance with, ISO 27001 surveillance and recertification audits, driving continual improvement.
  • Maintain oversight of Cyber Essentials Plus, ensuring readiness for annual assessments and ongoing compliance with requirements.
  • Coordinate internal information security reviews and audits, ensuring findings are addressed and actions tracked to completion.
  • Provide regular, concise management reporting on information security posture, risks and compliance status.

Client & Regulatory Assurance

  • Act as the firm's primary point of contact for client information security assurance activities, including questionnaires and audits.
  • Provide clear, consistent evidence of the firm's information security controls and governance arrangements.
  • Support the business in meeting regulatory and contractual information security obligations, working closely with Risk and Compliance functions.

Risk Management

  • Lead the identification, assessment and ongoing management of information security risks across the firm.
  • Maintain oversight of the firm's information security risk register, ensuring risks are clearly articulated, prioritised and owned.
  • Work with IT, Risk & Compliance and business stakeholders to agree proportionate risk treatments aligned to the firm's risk appetite.

Third-Party & Supplier Assurance

  • Define and maintain the firm's approach to third-party information security assurance.
  • Support due diligence activities for new and existing suppliers and their solutions, assessing information security risk and alignment to firm standards.
  • Act as product owner for the supplier management system, accountable for the system roadmap, configuration and continuous improvement, and supporting the process owner in delivering a compliant and effective supplier management process.

Security Awareness & Culture

  • Design and oversee the firm's information security awareness and training programme, ensuring relevance for different roles and audiences.
  • Promote a security-conscious culture, encouraging shared responsibility for protecting information.

We are looking for:

Experience

  • Proven experience in an Information Security / GRC role with responsibility for governance, risk management and compliance.
  • Certified ISO Lead Implementer/Auditor with strong working knowledge of ISO 27001 and ISO 27002, including operating and improving an ISMS in a regulated or professional services environment.
  • Experience supporting Cyber Essentials Plus or similar assurance frameworks.
  • Good understanding of GDPR data protection principles and the management of confidential, personal and sensitive information.
  • Experience working with non-technical stakeholders, translating security requirements into practical, business-appropriate controls.
  • Experience supporting internal audits, external assessments and client assurance activities.

Skills

  • Strong influencing and stakeholder management skills, with the confidence to constructively challenge and drive change.
  • Ability to take a risk-based, pragmatic approach, balancing security, usability and business outcomes.
  • Clear written and verbal communication skills, with the ability to produce high-quality policies, reports and guidance.
  • Logical, methodical approach with strong attention to detail.
  • Excellent organisational skills and the ability to manage multiple priorities effectively.

Some of our benefits include:

  • Salary up to 57000 per annum, depending on experience.
  • Earn up to 10% of your salary with our annual bonus scheme.
  • Minimum of 25 days annual leave plus Bank Holidays per year, increasing to 31 days with length of service, with the opportunity to buy up to 5 days holiday per year.
  • Hybrid working with, on average, 40-60% of your time spent in the office.
  • Auto enrolled into the workplace pension scheme, and we'll contribute a minimum of 6% of your salary.
  • 4x your annual salary in the event of a death in service.

Find out more about working at Walker Morris here.

Company Values

Our shared values represent our culture and the things that are important to us. They define who we are as a Firm, as an employer, and what we expect of our people. They provide direction and purpose by influencing the decisions that we make and the actions that we take. It's really important that all candidates and employees demonstrate these values in their day-to-day activities:

  • Embrace the fact everyone is different and unique.
  • You can be serious without wearing a suit.
  • Never lose sight of the bigger picture.
  • Two heads are better than one.
  • Take the bull by the horns.
  • We win & lose together.

Walker Morris is committed to being an inclusive employer. We welcome applications regardless of sexual orientation, gender identity and expression, age, neurodiversity or disability status, family or parental status, race, religion or ethnicity. Click here to find out more about our diversity and inclusion work.

If you need any reasonable adjustments throughout the recruitment process, please don't hesitate to ask. We are a Disability Confident employer.

Type of Working

Hybrid

About Company

Walker Morris is a commercial law firm, providing legal services for multinational companies, banks, insurance, retail, public & privately listed companies.
