Information Security Assessment Lead
London, United Kingdom
Norton Rose Fulbright
Norton Rose Fulbright is a global law firm. We provide the world’s pre-eminent corporations and financial institutions with a full business law service.
Practice Group / Department: IT Security
Job Description
We're Norton Rose Fulbright - a global law firm with over 50 offices and 7,000 employees worldwide. We provide the world’s preeminent corporations and financial institutions with a full business law service. At Norton Rose Fulbright, our strategy and our culture are closely entwined. We know that our expansion will mean little unless it is underpinned by truly global collaboration and we understand that pioneering work only takes place when our people have room to move and think beyond boundaries. As well as the relevant skills and experience, we're looking for people who are innovative, commercial and value the work that they do.
The Team:
The scope of the Information Security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. The Information Security team implements and operates a number of security solutions directly, for example the endpoint EDR, internet security services and the vulnerability scanning platform, and relies on other departments (IT service delivery, HR, Facilities) to operate all other security controls.
The Information Security team is responsible for ensuring the overall effectiveness of the control framework and managing security incidents. The team work with unified principles and processes around the world while maintaining regional stakeholder relationships. They adhere to the international standard ISO 27001, and report to the Firm's Chief Information Security Officer.
The Role:
- Provide technical thought leadership to effectively evaluate and assess new products or services as requested by business stakeholders.
- Support the InfoSec Governance and Compliance team with client bids and audits, acting as a technical SME to assist in the creation of responses to clients to provide assurance.
- Provide technical assistance to support the function's global Risk Assessment Programme.
- Provide technical expertise to help regional IT delivery teams deliver “Secure by design” products and services.
- Support the Continual Service Improvement (CSI) team by reviewing technical design documentation, and attending TDA (Technical Design Authority) meetings, representing the InfoSec function.
- Assist with remediation of weak controls as necessary, either technically or through influence.
- Assist with the definition of standards, policies, designs and apply control governance where necessary as a preventative measure.
- Propose security controls to mitigate identified risks.
- Act as a technical point of escalation.
- Maintain effective working relationships with a variety of internal stakeholders.
- Mentor junior team members.
Skills and Experience Required:
- Bachelor’s degree in a related discipline (Computer Science, Information Systems Management, Engineering, or similar)
- Minimum 7 years of experience in a related security field.
- Previous Network Engineering or Systems Administration background (preferred).
- Good technical understanding of security products, including but not limited to web filtering, next generation antivirus/EDR, firewalls and vulnerability management tools.
- Hands-on knowledge of enterprise architecture principles, and experience of working in complex, hybrid environments.
- Good understanding of technical risk management, and strategies to mitigate risk.
- Ability to rapidly adapt to change and absorb new technologies.
- Good understanding of 3rd party/supply chain onboarding and risk management.
- Strong knowledge of the security landscape (attack vectors, tooling, best practices for assessment, mitigation, remediation and governance).
- Familiarity with security best practices and risk management when operating in a primarily cloud-hosted environment such as Azure (required), GCP and AWS (nice to have), and in other 3rd party SaaS platforms such as M365.
- Knowledge of Information Security standards such as ISO27001, NIST, CIS.
Personal Attributes:
- Keen sense of responsibility, ability to set a professional example and desire to adhere to defined security practices.
- Strong technical security understanding.
- Self-motivated and able to work calmly and methodically under pressure.
- Analytical, structured and systematic approach to problem solving.
- Excellent interpersonal skills, exceptional levels of personal integrity and the ability to communicate clearly at all levels through reports, presentations and forming effective matrixed relationships.
- Flexible approach to incorporate changing priorities.
- Co-operative, service orientated, individual and established team worker, comfortable working in a geographically dispersed team.
- Good judgement when it comes to confidentiality and sensitivity of information of which they may become aware through the course of their duties.
- Adaptable and keen to learn new skills.
Diversity, Equity and Inclusion
To attract the best people, we strive to create a diverse and inclusive environment where everyone can bring their whole selves to work, have a sense of belonging, and realize their full career potential.
Our new enabled work model allows our people to have more flexibility in the way they choose to work from both the office and a remote location, while continuing to deliver the highest standards of service. We offer a range of family friendly and inclusive employment policies and provide access to programmes and services aimed at nurturing our people’s health and overall wellbeing. Find more about Diversity, Equity and Inclusion here.
We are proud to be an equal opportunities employer and encourage applications from individuals who can complement our existing teams. We strive to create an inclusive and accessible recruitment process for all candidates. If you require any tailored adjustments or accommodations, please let us know here.
Tags: Antivirus Audits AWS Azure CISO Cloud Compliance Computer Science EDR Firewalls GCP Governance ISO 27001 NIST Risk assessment Risk management SaaS Security assessment Strategy Vulnerability management
Perks/benefits: Flex hours