Global Security GRC Analyst (Governance, Risk, and Compliance)

Dentons

United States

Remote

USD 80,000 - 100,000

Full time

Yesterday

Job summary

A leading global law firm seeks a Global Security GRC Analyst to manage security risks and compliance. The role involves collaborating with various teams, monitoring security frameworks, and ensuring effective solutions for client security needs. Ideal candidates will possess strong problem-solving abilities and excellent communication skills, with a focus on learning and adaptability.

Qualifications

  • Professional experience in Business Continuity or Physical Security.
  • Knowledge of information security and governance processes.

Responsibilities

  • Manage client security requests and assessments.
  • Monitor and report on security events and compliance.
  • Assist in developing crisis and security management procedures.

Skills

Problem Solving
Communication
Multi-tasking

Education

Certificate of the Business Continuity Institute (CBCI)
CISA
CISM
CRISC

Job description

Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.

The Global Security GRC Analyst will operate across a broad range of operational security control domains to identify, track and support the management of information security, physical security and business resilience (continuity and disaster recovery) risks and controls. The role will work closely with decision makers across the organization to identify, recommend, develop, implement, and support effective solutions and compliance for client security requirements and security risk-related aspects of the Firm.

Responsibilities

  • Manage, review and respond to client security requests, assessments and audits.
  • Monitor, assess, and report on physical, geographical, and environmental events in collaboration with global and regional teams, ensuring timely response and thorough investigation of alerts.
  • Support internal and external audit functions regarding business continuity, resilience, and physical security matters.
  • Report on annual internal security audits.
  • Work directly with technology, legal, risk and other teams to identify and evaluate potential risks.
  • Assist in developing, enhancing, and maintaining crisis and security management procedures, resilience, business continuity management policies, and physical security processes.
  • Monitor, track and assess security framework compliance, including ISO 27001, ISO 22301 and SOC2.
  • Help manage relationships with critical third-party suppliers to ensure their alignment with the firm’s continuity and security needs.
  • Stay up to date with industry and regulatory developments to ensure compliance and relevance in our client assurance, business continuity and physical security programmes.

For this role, we value ability, attitude and aptitude over experience and skills as we have a strong training ethos.

  • Ability – quick to learn new skills and concepts.
  • Attitude – self-motivated, driven, passionate about solving problems and getting the job done right.
  • Aptitude – great at solving problems and unravelling puzzles.
  • Able to effectively multi-task, prioritize and execute tasks in an exciting and busy environment.
  • Can work independently and collaborate with geographically dispersed teams.
  • Excellent written and verbal communication, interpersonal, intercultural, and presentation skills.
  • Occasional travel to support global cyber security operations and incident response may be necessary.

The ideal candidate will have the following technical experience:

  • Professional experience in a support role within Business Continuity or Physical Security in a complex environment. Experience in professional services or a partnership environment is beneficial.
  • Knowledge of information security, physical security and information governance processes and technologies.
  • Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks.
  • Experience with client audit processes.
  • Knowledge and experience of protective and detective controls, and standards such as the National Institute of Standards and Technology Cyber Security Framework, ISO-27001, PCI-DSS and Sarbanes-Oxley while providing oversight to operational teams to embed those standards in conjunction with technical and security architecture frameworks.
  • Preferred industry certifications include Certificate of the Business Continuity Institute (CBCI), Disaster Recovery Institute (DRI) or equivalent, CISA, CISM, CRISC.
  • Proven ability to influence and communicate effectively at all levels (technical contributors up to senior management).
  • Experience with governance documents, including policies, standards, baselines, procedures and guidelines.
  • Familiarity with IT Disaster Recovery and IT Services Continuity Management.
  • Basic knowledge of Risk Management and BC regulatory international requirements.

The remuneration and benefits package will reflect the successful candidate's experience and the country where hired.
