Information Security Officer - CISSP/CISA/CISM

Precise Placements Ltd
London (Greater)
£90 - £125,000 + benefits
13 Nov 2017
16 Nov 2017
Contract Type
Full Time

Information Security Officer - CISSP/CISA/CISM, Data Protection/GDPR

Our leading global law firm client requires an Information Security Officer (CISSP/CISA/CISM, Data Protection/GDPR) on a permanent basis to be responsible for the firm's information security across the organisation, in collaboration with other key stakeholders in the business.

As the firm's Information Security Officer (CISSP/CISA/CISM, Data Protection/GDPR), your remit will include cross-functional management of the information security aspects of the work and systems that relate to legal teams and business service teams.

As the right Information Security Officer (CISSP/CISA/CISM, Data Protection/GDPR), you will identify and operationalise the security initiatives and standards that need to be applied to the operating environment, processes, procedures and policies.

Key responsibilities for this Information Security Officer (CISSP/CISA/CISM, Data Protection/GDPR) are:

  • Developing and maintaining a commercial information security strategy to include information, business and compliance risks;
  • Oversee the firm's information security policies, documentation and the associated operational actions that relate to that globally
  • Taking responsibility for developing and maintaining an information security architecture that provides a framework for the application of standard security controls throughout the organisation;
  • Ensure the organisation and minute taking of the Information Security Steering Group meeting and publication to the intranet pages
  • Proactively identify security deficiencies or opportunities for improvement and facilitate the development of commercial and pragmatic solutions
  • Working closely with the IT Security Analyst, the role holder will assess, define and address IS policies and controls actively
  • Maintain action plans and other critical information such as the risk assessment log and incident reports
  • Oversee incident response planning as well as the investigation of security breaches
  • Ensure all operational activities and projects are designed with Information Security in mind
  • Develop a security awareness programme and ensure it is complied with globally
  • Responsible for the day to day management of client and third party questionnaires, pitches, tenders, risk analysis and remediation questionnaires
  • Is the main point of contact engaging with partners and clients on security audits

The Key Accountabilities for this Information Security Officer (CISSP/CISA/CISM, Data Protection/GDPR) are:

  • Responsible for security strategy and security initiatives aimed at safeguarding the firm
  • Participates in business continuity planning, data loss prevention and fraud prevention
  • Identifies security architecture, protection goals, objectives and metrics consistent with corporate strategic plan
  • Manages the development and implementation of global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security
  • Oversees incident response planning as well as the investigation of security breaches, and assists with disciplinary and legal matters associated with such breaches as necessary
  • Ensures the firm's security policy documentation is kept up to date, including the staff hand books used throughout the different regions
  • Contributes to the physical security aspects of running the firm's offices working with Facilities as required
  • Annual assessment of the firm's information security status and roadmap as part of business planning
  • Influence and drive continuous improvement in the area of Information Security Risk Management

To be considered for this Information Security Officer (CISSP/CISA/CISM, Data Protection/GDPR) role you must meet these criteria:

  • A general understanding, sufficient to appreciate the implications, of the compliance, legal and ethical obligations that organisations have with respect to digital and physical security, personally identifiable information and data protection/GDPR
  • An awareness of security intrusion, detection, and prevention methodologies.
  • An awareness of security testing and hardening strategies
  • An awareness of intrusion detection systems, hacker techniques, phishing schemes, emerging logical security threats and compromised-server techniques
  • Global information security standards, best practices and security controls
  • Pertinent legal and compliance frameworks
  • Security Architecture to safeguard critical information and assets
  • Physical Security
  • Provides thought leadership and technical input to support informed decision making

  • Responsible for managing projects in their area of expertise

  • Experience working with technical people responsible for implementing security technology
  • Ability to dig into details as well as analyse data from a high level view
  • CISSP/CISA/CISM certification required
