Information Security Compliance Analyst

Legal, Risk & Compliance

Job Reference: 4067

Function: Legal, Risk & Compliance

Category: Business Professionals

Location: Warsaw, Poland

The role

The Information Security team are responsible for security activities across the DLA Piper International firm.

The Information Security and Compliance Analyst will ensure security controls are operating effectively and in accordance with relevant regulatory and industry best practices. 

They will identify, report and act upon audit and compliance risks, directing and co-ordinating the response with other groups to mitigate any threats.

MAIN DUTIES AND RESPONSIBILITIES
The Information Security Team is responsible for ensuring compliance with information security controls, management policies and procedures that are a core component of the firm’s ISO 27001 certification.

The key areas of responsibility are (but not limited to):

  • Ensure the continual effectiveness of the ISO 27001 Information Security Management System (ISMS) and adherence to the standard
  • Maintain ISO 27001 certification
  • Perform regular compliance testing of the firm's Cyber Essentials Plus certification
  • Respond to client audits and act as subject matter expert for client questionnaires
  • Ensure policies and processes are in line with regulatory and internal standards
  • Conduct assessments to evaluate compliance with the firm's security policies, procedures and controls
  • Agree risk and audit remediation action plans with appropriate cross-functional owners, ensuring mitigation is completed on time
  • Escalate high & critical risks or risk trends to appropriate leadership teams
  • Manage the internal assurance audit schedule 
  • Provide Audit and Compliance metrics
  • Embed compliance culture and risk awareness across the firm
  • terms and Master Services Agreements
  • This role will partner with key functions such as architecture and design authorities to identify opportunities for new and enhanced security controls
  • Stay up to date with the latest information security trends as relevant to the role and risk environment

ABOUT YOU

  • Experience of operating, monitoring and implementing security policies, standards and controls
  • Understanding of information security controls and technology
  • Experience of working with and auditing ISO 27000 ISMS
  • Experience of Cyber Essentials Plus
  • Managing external audit activity and supporting internal audits
  • Understanding of risk management

The ideal candidate should have excellent soft skills and understand how to communicate within a large organisation and with staff within the business. Experience in the security industry is a must and a good breadth of security knowledge is essential.

The ideal candidate may hold security certifications such as CISA, CRISC, ISO27001 Lead Auditor, with other security certifications being beneficial. A good understanding of IT systems and security technologies is required.

The following characteristics are essential:

  • Strategic Perspective – Keeping organisational objectives and strategies in mind, and ensuring courses of action are aligned with the strategic context
  • Influence, Persuasion and Personal Impact – Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority
  • Interacting with People – Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences
  • Flexibility – Taking account of new information or changed circumstances and/or business requirements and modifying response to a problem or situation accordingly
  • Commercial Orientation – Understanding commercial considerations and ensuring alignment with them when making decisions or recommending actions
  • Initiative – Being proactive, anticipating opportunities for systems, service or product improvement or development and taking appropriate action(s)
  • Persistence – Meeting targets, acting and/or fulfilling agreements even when adverse circumstances prevail
  • Organisational Awareness – Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers

Key Relationships:

  • Client Relationship Managers and Clients
  • IT and Security architects, Project Managers, Engineers and Analysts
  • IT Managers
  • Broader Risk and Compliance functions
  • Data Privacy

ABOUT US
DLA Piper is a global law firm with lawyers and business service professionals located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific. Our global reach ensures that we can help businesses with their legal needs anywhere in the world. We strive to be the leading global business law firm by delivering quality, service excellence and value to our clients and offering practical and innovative legal solutions to help them succeed. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies, as well as government and public sector bodies.

OUR VALUES
In everything we do connected with our People, our Clients and our Communities, we live by these values:

  • Be Supportive – we are compassionate and inclusive, valuing diversity and acting thoughtfully
  • Be Collaborative – we are proactive, passionate team players investing in our relationships
  • Be Bold – we are fearless and inquisitive, challenging ourselves to think big and find creative new solutions
  • Be Exceptional – we are strategic and driven, exceeding standards and expectations

DIVERSITY AND INCLUSION
At DLA Piper, diversity and inclusion underpins how we live our values and everything we do. We believe that everyone has a voice, and that everyone’s voice counts. We know that the rich diversity across our firm makes us stronger, more innovative and creative, which helps us to better serve our clients and communities. We are committed to providing an inclusive working environment and culture across our global firm, where everyone can bring their authentic self to work.

Diversity of perspective, thought, background and culture combine to make us the leading global law firm; that’s why we actively seek to build balanced teams. We welcome the unique contribution that you will bring to our firm and actively encourage applications from all talented people – however your talent is packaged, whatever your background or circumstance and regardless of how you identify.

HYBRID WORKING
We recognise that people have responsibilities and interests outside of their career and that as a business, we all benefit from working flexibly. That’s why we are open to discussing with candidates the different ways in which we are able to support requests for agile working arrangements.

PRE-ENGAGEMENT SCREENING
In the event that we make an offer to you, and where local legislation permits and where relevant, we will conduct pre-engagement screening checks that may include but are not limited to your professional and academic qualifications, your eligibility to work in the relevant jurisdiction, any criminal records, your financial stability and work-related references.