Practice Group / Department: IT Security The Team: The scope of the Information Security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. The Information Security team implements and operates a number of security solutions directly, for example the end point EDR, internet security services and the vulnerability scanning platform, and rely on other departments (IT service delivery, HR, Facilities) to operate all other security controls. The Information Security team is responsible for ensuring the overall effectiveness of the control framework and managing security incidents. The team works with unified principles and processes around the world while maintaining regional stakeholder relationships. They adhere to the international standard ISO 27001 and report to the Firm's Chief Information Security Officer. The Role: Provide technical thought leadership to effectively evaluate and assess new products or services as requested by business stakeholders. Support the InfoSec Governance and Compliance team with client bids and audits, acting as a technical SME to assist in the creation of responses to clients to provide assurance. Provide technical assistance to support the functions global Risk Assessment Programme. Provide technical expertise to help regional IT delivery teams deliver “Secure by design” products and services. Support the Continual Service Improvement (CSI) team by reviewing technical design documentation, and attending TDA (Technical Design Authority) meetings, representing the InfoSec function. Assist with remediation of weak controls as necessary, either technically or through influence. Assist with the definition of standards, policies, designs and apply control governance where necessary as a preventative measure. Propose security controls to mitigate identified risks. Act as a technical point of escalation. Maintain effective working relationships with a variety of internal stakeholders. Mentor to junior team members. Skills and Experience Required: Bachelor’s degree in a related discipline (Computer Science, Information Systems Management, Engineering, or similar) Minimum 7 years of experience in a related security field. Previous Network Engineering or Systems Administration background (preferred). Good technical understanding of security products, including but not limited to, web filtering, next generation antivirus/EDR, firewalls and vulnerability management tools. Hands-on knowledge of enterprise architecture principles, and experience of working in complex, hybrid environments. Good understanding of technical risk management and strategies to mitigate risk. Ability to rapidly adapt to change and absorb new technologies. Good understanding of 3rd party/supply chain onboarding and risk management. Strong knowledge of the security landscape (attack vectors, tooling, best practices for assessment, mitigation, remediation and governance). Familiarity with security best practices and risk management operating in a primarily cloud-hosted environment such as Azure (required), GCP and AWS (nice to have), and in other 3rd party SAAS platforms such as M365, etc. Knowledge of Information Security standards such as ISO27001, NIST, CIS. Personal Attributes: Keen sense of responsibility, ability to set a professional example and desire to adhere to defined security practices. Strong technical security understanding. Self-motivated and able to work calmly and methodically under pressure. Analytical, structured and systematic approach to problem solving. Excellent interpersonal skills, exceptional levels of personal integrity and the ability to communicate clearly at all levels through reports, presentations and forming effective matrixed relationships. Flexible approach to incorporate changing priorities. Co-operative, service oriented individual and established team worker, comfortable working in a geographically dispersed team. Good judgement when it comes to confidentiality and sensitivity of information of which they may become aware through the course of their duties. Adaptable and keen to learn new skills. Diversity, Equity and Inclusion To attract the best people, we strive to create a diverse and inclusive environment where everyone can bring their whole selves to work, have a sense of belonging, and realize their full career potential. Our new enabled work model allows our people to have more flexibility in the way they choose to work from both the office and a remote location, while continuing to deliver the highest standards of service. We offer a range of family-friendly and inclusive employment policies and provide access to programmes and services aimed at nurturing our people’s health and overall wellbeing.