Global Information Security Risk & Compliance Manager

Allen & Overy,
London, Greater London

Overview

Job Description

Job title: Global Information Security Risk & Compliance Manager

Job description: We are currently recruiting for a Global Information Security Risk & Compliance Manager to join our IT team in either London or Belfast. This role leads on all InfoSec risk and assurance related matters for the InfoSec, IT, and Client Audit teams.

* Client InfoSec requirement compliance - In partnership with the Client Audit Team, manage the process by which our clients audit A&O's information security controls. Review changes in client requirements in order to verify A&O's capability to comply, or recommend investment cases to meet control gaps. Prepare for and attend client audit meetings / visits. Liaise directly with senior stakeholders when negotiating control changes. Manage the workload of a team of InfoSec assurance analysts in order to maintain the flow of client audit and remediation requests. Be the operational champion for process efficiency work and self-service projects in this space.
* InfoSec framework maintenance and governance - Own the maintenance of the ISO27001 framework for the firm. Conduct the annual policy review & sign-off, and manage the process of external audit (at least 3 a year across multiple locations) on the framework. Prepare for and manage the ISO27001 governance meetings across the firm, bringing together senior stakeholders to review and challenge progress.
* Technology risk process and the IT elements of annual financial audit - Lead the quarterly cycle of reviewing the IT Risk Register with senior management in IT. Manage the IT component of the annual external financial audit.
* Global Security Champions community and InfoSec awareness materials - Lead regional security champions' knowledge sharing, training, and certification programmes. Make updates to the firm's annual InfoSec compliance training and new joiners' InfoSec awareness training as and when required.
Role and responsibilities

Business / IT Strategy

* Support the CISO in clearly understanding risk across the IT and Shared Services functions.
* Support the CISO and Security Architects in contributing to the selection of appropriate technology solutions to fulfil security & business requirements.
* Support the CISO in developing and maintaining successful internal and external business relationships (at senior level) in order to understand existing and emerging InfoSec & Cyber risks.

Supplier Management

* Maintain a broad understanding of how the organisation sources, deploys and manages external partners.
* Support the CISO in ensuring that supplier performance is properly monitored and regularly reviewed as defined by the Supplier Management Framework.
* Support the CISO in providing advice on policy and procedures covering the selection of suppliers, tendering and procurement.
* Work closely with the Procurement team to ensure all areas of commercial negotiation are documented and adhere to the Supplier Management processes.

Risk Management

* Operate the IT Risk Management framework for IT.
* Coordinate and monitor the development of risk treatment plans.

Quality, Methods & Tools

* Facilitate improvements to processes using industry best practices, typically using recognised frameworks such as ISO27001.
* Support the CISO with the design and delivery of communication and training activities to update and refresh colleagues' knowledge on quality standards.
* Take responsibility for the control, update and distribution of quality standards and advise on their use concerning InfoSec compliance.

Information Security

The role holder is expected to consider all aspects of IT Risk Management as well as Information Security Compliance and Assurance. A clear and demonstrable understanding of all aspects of Information Security is required, along with the ability to promote awareness and encourage compliance with Information Security principles.
Key requirements

Business Competencies

* Ability to develop good working relationships across the firm and effectively share knowledge between individuals and teams to contribute to the overall effectiveness of project and service improvement work.
* Commercial acumen, including an understanding of the overall picture of how technology adds value to the business.
* High level of personal credibility, impact and influence at all levels of the organisation.
* Excellent communication and presentation skills, both oral and written.
* Ability to manage ambiguity and often conflicting priorities.
* Highly self-motivated self-starter who will undertake all activities to the highest professional standards.
* Experience of working in a global environment with an appreciation of multiple cultures.

Knowledge

* Detailed practical knowledge of Cyber Security, particularly with regard to IT networks and general IT infrastructure.
* Expected to have a solid understanding of all major technologies used in Cyber Security.
* Knowledge of technology trends.
* Knowledge and experience of working in ITIL envir