Security Compliance Manager

at Hogan Lovells

London, England, United Kingdom

Start Date: Immediate
Expiry Date: 28 Nov, 2024
Salary: Not Specified
Posted On: 02 Sep, 2024
Experience: 5 year(s) or above
Skills: Control Design, Risk, Security Audits, Iso, Training
Telecommute: No
Sponsor Visa: No

Description:

Keen to become part of a truly global, collaborative team of professionals? Your journey begins here.
Job Title
Security Compliance Manager
Department
Information Security
Office Location
London
Reports To
Head of Information Risk
Working Hours
35 hours per week, 9:30am to 5:30pm, but additional hours may be required. We are happy to consider agile and flexible working patterns. Our approach to hybrid working allows for up to 40% of time working from home and 60% working in the office; please contact a member of the recruitment team to discuss further.
Firm Description
Hogan Lovells is one of the leading global law firms. Our distinctive market position is founded on the exceptional breadth of our practice, on deep industry knowledge, and on our ’one team’ global approach. Formed through the combination of two top international law firms, Hogan Lovells has over 40 offices in the Americas, Asia-Pacific, Europe, the Middle East and Africa.
With a presence in the world’s major financial and commercial markets, we are well placed to provide excellent business-oriented advice to our clients locally and internationally. Our people are the key to our success, which is why we seek to recruit and retain the most talented individuals in all regions of our global practice.
Role Overview
The role coordinates and responds to external and internal security and compliance audit activities. The post holder will represent the firm’s security program to clients, manage ISO 27001 audits, and be responsible for managing security assessments and audits of key partners and, where necessary, firm suppliers.

Key Responsibilities / Accountabilities

  • Serve as the primary liaison between the firm and its clients relative to IT and security-centric inquiries.
  • Interpret information security data and processes to identify potential security and compliance issues.
  • Lead security audits and assessments in compliance with ISO27001 and other related frameworks, including definition of audit scope, control evaluation, test activities, audit reporting, issue resolution, and risk assessment for assigned audit objectives.
  • Clearly explain our security and compliance program to clients and other third parties.
  • Provide responses to customer security questionnaires and RFPs detailing firm capabilities.
  • Develop recommendations to correct control deficiencies and provide ideas for process improvements.
  • Collaborate with internal and external stakeholders on controls and gap remediation.
  • Manage security and compliance deliverables across multiple teams.
  • Coordinate and maintain internal security audit schedule.
  • Maintain appropriate documentation and records in order to meet compliance requirements.
  • International travel may be required.

Specific duties or responsibilities may be reviewed from time to time to reflect changes in personnel and management structure, staff location or services.
All members of the firm participate in our Responsible Business program.
Person Specification

Experience, Knowledge and Training

  • ISO 27001 Lead Auditing.
  • Working knowledge of ISO 27001, NIST CSF, and Cyber Essentials Plus requirements and controls.
  • 5+ years of IT and Security audits or assessments, or related experience.
  • Conceptual understanding of security best practices and solutions.
  • Possess a sufficient understanding of technical concepts including systems, networks and security architecture best practices in order to effectively evaluate risk and assess the effectiveness of controls.
  • Knowledge of industry compliance standards such as ISO27001.
  • Broad knowledge of risk management, vulnerability management, and third party risk.
  • Familiarity with control design, execution and monitoring, policies and procedures.

General Attributes

  • Demonstrated written and oral communication skills and ability to communicate with all levels of management.
  • Ability to interact effectively with, and influence, internal and external customers.
  • Keen attention to detail and accuracy in order to analyze and finalize documents.
  • Ability to build relationships and work cross-functionally with internal and external constituents.

Agile Working Statement
Our goal is to embed flexibility across our business by giving everyone the opportunity to work in an agile way, whether as a regular pattern or on an ad hoc basis, and we will be happy to discuss this further.
Equal Opportunities Employment Statement
It is the policy of Hogan Lovells to provide equal opportunities for all employees in relation to recruitment, training and promotion. Decisions in these areas will be made only by reference to the requirements of the job and shall not be influenced by any consideration of racial or ethnic origin, religion, sex, gender and gender identity, age, sexual orientation, marital and civil partnership status, pregnancy or disability.


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Accounting

IT Software - Network Administration / Security

Accounts Management

Graduate

Proficient

1

London, United Kingdom