Information Security and Business Continuity Specialist – Osborne Clarke
We have an exciting opportunity for an Information Security and Business Continuity Specialist to join our IT team in Bristol. This is a permanent, full-time position. Hours of work are 9.00 a.m. - 5.00 p.m., Monday to Friday, with flexibility to meet deadlines as required.
With a dual reporting line into the Head of IT Operations and Head of Quality & Risk, this role will be responsible for the following:
Develop, implement and manage an Information Security Framework across the global firm, in line with OC policy, industry best practice, SRA guidelines and Client contractual requirements
Develop, implement and manage a corporate wide BCP programme which identifies risks and assists business recovery and emergency response management.
Specific responsibilities will include:
Information Security Management Framework
Delivery of the Information Security Framework across the global firm, in line with OC policy, industry best practice, SRA guidelines and Client contractual requirements
Increase awareness of Information Security Management across the firm through development of a training and communications plan (with the IT training team)
Support the Quality and Risk team, COLP and COFA in their work to manage risk and security across the firm
Maintain appropriate Information Security risk registers and remediation measures with business managers, CCP and IT/Q&R managers
Develop and maintain all required policies and guidelines for Information Security including an internal audit regime.
Ensure that all documentation complies with client requirements, ISO 27001 (or appropriate certifications) and OC policy in order to safeguard confidentiality and integrity of business information
Manage, maintain and regularly review the security and compliance regime for ISO 27001 and other appropriate certifications and OC policy
Day to day service level monitoring, detection, prevention and operation of security breach process
Production of Information Security risk indicators including heat maps / models
Production of the Information Security section of the Monthly IT Service Management Report trend analysis and client reports.
Management of Client bids and Client on-boarding
Respond to and support the bid process with regards to Information Security related issues
Manage response to Client’s Information Security questionnaires including attending meetings with client as required
Implementation of Information Security controls for new clients and/or where new services are delivered
Coordinate and manage scheduled audits by external auditors or clients.
Support and assist in the development and maintenance of a Business Continuity Planning Framework which addresses business recovery and emergency response management
Identify and mitigate against gaps in the existing plans to minimise the negative impact of an event
Support all business plan activities necessary to enable OC to manage a crisis event
Design, develop and execute tests against the Business Continuity plans and crisis management scenarios.
Develop and deliver opportunities to reduce costs of failure and inefficiencies
Ensure that all measures implemented are reviewed and audited regularly to meet the needs of auditors and ensure compliance
Identification of areas of improvement for risk management, recommending and implementing best practice where appropriate.
We are looking for somebody with the following skills and experience:
Outstanding communication skills (spoken, written and presentation), with the ability to influence at the highest levels
Extensive experience working in a multi-site team-oriented, collaborative environment
Professional, articulate, knowledgeable and interested. Willing to contribute at all levels and take the lead in this area
A lateral thinker and planner, credible at a high level
Excellent understanding of the organization’s goals and objectives
Keen attention to detail in terms of both tasks and communications
Proactive, self-motivated and a team player
Good interpersonal skills and able to interact with people at all levels
Able to command respect of highly technical teams and influence at senior levels of the firm
Job-specific know-how
With a detailed understanding of the Legal environment and the Information Security landscape, the occupier of this post is likely to have previous hands-on experience undertaking a similar role in a law firm
Likely to be professionally qualified to one of CISSP/CISM/CISA with a detailed knowledge of applicable data privacy practices and laws
Thorough understanding of the technologies available in order to improve system availability and meet Business Continuity goals
Broad ranging consultancy skills (problem solving, change management, influencing, communication, research and data collection and analysis, process mapping, creative thinking, negotiation, etc.)
Strong understanding of project management principles
Ability to present ideas in business-friendly and user-friendly language across multiple geographies
Proven analytical, mathematical, evaluative, and problem-solving abilities for the purpose of creating business cases, managing budgets, and so on
Ability to effectively prioritise and execute tasks in a high-pressure environment.