Information Security Officer & Auditor

at  Clarke Willmott

VACANCY DETAILS

We have an exciting role within our Information Security and Data Protection team. You will be involved in conducting internal Information Security IT Audits, assisting with supplier reviews and risk assessments to support our internal governance program.
Role: Information Security Officer & Auditor
Location: Bristol or Taunton
Hours: Full Time or Part Time
Term: Permanent
Vacancy Reference: 1319-BBL

WHO WE ARE

You’ll be joining a national law firm that enjoys a strong reputation, made possible by our exceptional people – each chosen for their industry knowledge and passion for their field. We want to help you to reach your full potential, love the work you do and deliver the best results for your clients. It’s our goal to make you feel great about working with us, and we work hard to cultivate a culture that makes it easy for you to stay with us for many years.
We work flexibly and you’ll be empowered to work where you do your best work, balancing your individual needs with the need for us to engage as teams and deliver excellent client service.
Most of our people choose to work in a hybrid fashion, working from home and attending our offices on occasion. Our offices are in Bristol, Birmingham, Cardiff, London, Manchester, Southampton, and Taunton.

DAY TO DAY, YOU’LL BE SUCCESSFUL IN THIS ROLE BY:

This is a role established to recognise the importance that Clarke Willmott places on compliance with information security and data protection principles. Ultimately reporting to the Head of Information Security and Data Protection, you will be responsible for a number of important functions within the Information Security and Data Protection Team, including:

• Conducting internal ISO27001 audits, with a focus on IT.
• Assisting with conducting risks assessments and due diligence checks for projects, new technology and suppliers.
• Conducting meetings with risk and project owners to ensure risks and audit outcomes are managed to completion.
• Promoting discussion on potential solutions for information security improvements.
• Helping to improve information security awareness throughout the firm through training and practical advice.
• Assisting the ISDP team in monitoring changes in our risk landscape through learning and knowledge sharing.
• Keeping audit, risk and procedural documentation up to date.

As part of a relatively small team, you will also need to assist others or work on additional tasks in line with the overall responsibilities of the Information Security & Data Protection function such as:

• Assisting with administration of information security incidents.
• Assisting in information security or data protection related projects.

It is an integral part of this role that you comply with data security and all firm policies and procedures.

THIS ROLE IS RIGHT FOR YOU IF:

You will have IT based information security experience and an understanding of data privacy. Ideally you will have ISO27001 audit experience and/or experience in IT risk assessments or supplier due diligence.
You be able to identify and clearly present audit and risk findings to internal stakeholders in an objective manner both in written reports and at meetings. You will be able to work proactively with stakeholders to help them understand and resolve information security weaknesses.