IT Security Controls & Reporting Analyst

We are seeking a detail-oriented and experienced IT Security Controls & Reporting Analyst to join our IT Infrastructure and Security team.

The successful candidate will be responsible for engaging with client security audits, completing extensive cybersecurity questionnaires, leading third-party vendor assessments from a cybersecurity perspective and maintaining technical documentation.

This role is crucial in ensuring our firm’s compliance with security standards and maintaining the integrity of our IT systems.

• Client Security Audits:Engage with client security audits and ensure all cybersecurity requirements are met. Complete extensive cybersecurity questionnaires accurately and in a timely manner.
• Vendor Assessments: In collaboration with the risk and compliance department, lead the cyber and information security assessments of 3rd party vendors, ensuring they meet our security standards.
• Policy:Develop and maintain security controls and policies to protect the firm’s IT infrastructure.
• Performance Monitoring:Monitor and report on the effectiveness of security controls and recommend improvements. Prepare and present security reports to management and clients.
• Collaboration:Collaborate with internal teams to address security vulnerabilities and implement corrective actions.
• Documentation:Create and maintain detailed documentation regarding cyber security controls.
• Continuous Learning: Stay up to date with the latest cybersecurity trends, threats, and best practices.
• Security Awareness: Assist in the development and implementation of security awareness training programs for staff.
• Support incident response activities and investigations as needed.
• ISO27001:Participate in the annual ISO 27001 certification process.

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• 2-3 years’ experience in IT security, with a focus on security controls and reporting.
• Experience with regulatory compliance and audit processes.
• Experience with security risk assessments and mitigation strategies.
• Knowledge of third-party vendor risk management and assessment.
• Strong understanding of cybersecurity principles, frameworks, and best practices.
• Familiarity with security standards and regulations (e.g., ISO 27001, GDPR, HIPAA).
• Strong understanding and knowledge of cloud security principles and best practices, data protection and encryption technologies, network security, including firewalls, IDS/IPS, and VPNs, identity management.
  

Preferred experience for the role:

• Experience working in a law firm or legal environment.
• Knowledge of legal industry-specific security requirements and challenges.
• Advanced certifications in cybersecurity or related fields.
• Experience with security incident response and management.

• Market leading salary
• Discretionary annual bonus scheme
• 25 days annual leave allowance
• Pension scheme
• TaxSaver and Bike to Work scheme
• Healthcare
• Full gym and wellness programme