Team: IT Compliance & Information Security
Reports to: IT Compliance Manager
Purpose of job:
As part of the IT compliance function you will work in a team responsible for ensuring compliance with BCLP’s information security and data privacy requirements and embedding a culture of learning and continuous improvement so that BCLP can demonstrate the highest possible standards both internally and externally to our clients, regulators and other stakeholders.
Key responsibilities
1. Takes a leading role in maintaining BCLP’s ISO27001 ISMS certification, working flexibly and collaboratively across all teams.
2. Map and align the firm’s data privacy policies and procedures with ISO 27001.
3. Support the development and implementation of relevant policies, processes and procedures, maintaining an appropriate review cycle and ensuring joined-up working is taking place across the wider teams in order to support and achieve BCLP’s strategic aims.
4. Maintain appropriate evidence and records of compliance, particularly in relation to information security, data protection and BCLP’s Information Security Management Systems.
5. Review and update risk register entries as appropriate.
6. Working with the Director of Information Security, review and enhance information security and data privacy awareness, training, and education.
7. Manage internal audits relating to the ISMS, ensuring that robust policies, procedures and controls are in place and effectively implemented.
8. Working with team members, manage the Client information security and data privacy process, including completion of questionnaires, pitches and review of Client terms. Schedule and participate in client audits and assessments of information security policies, standards, and procedures.
9. Co-ordinate the remediation of internal and external audit concerns and issues, ensuring actions are fully documented, and provide progress reporting to internal and external stakeholders.
10. Work with relevant stakeholders to ensure the completion of third-party supplier information and data privacy reviews, including, as appropriate, the completion of questionnaires.
11. Acts as point of escalation for queries on reviews of information security and data privacy security questionnaires completed by suppliers and liaises with contract owners and the Director of Information Security to ensure the supplier has appropriate security controls in place. Meets with suppliers, as necessary, to discuss outstanding queries.
12. Support the implementation and development of appropriate systems to support the firm’s information and data privacy objectives.
13. Analyse and produce reports as required in support of the ISMS.
Key relationships:
* Director of Information Security
* Technology Project Managers
* Director/Heads of Technology Department
* Office of General Counsel
* Compliance Officer for Data Protection
Experience and knowledge
1. Demonstrates a comprehensive understanding of Information Security & Data Privacy Frameworks (e.g. ISO27001, NIST, ISO27701).
2. A minimum of 3 years’ experience of maintaining ISO27001 certification.
3. ISO27001 Lead Auditor certified.
4. Experience in managing and running an internal audit programme.
5. Understanding of risk management processes.
6. The ability to manage and lead client facing audits and reviews.
7. Demonstrates a good understanding of technology systems and architecture.
8. An interest in Technology and adopting new working methods.
9. The ability to provide excellent service, including being able to negotiate among stakeholders to agree a suitable outcome.
10. The ability to communicate and work cooperatively and inclusively with others to achieve shared goals, including encouraging and facilitating effective compromise.
Skills and competencies
1. Trustworthy with the ability to display discretion when dealing with confidential and sensitive information.
2. Demonstrates strong organisational skills and the ability to work across multiple projects and teams maintaining clear and concise records and documentation.
3. Demonstrates composure when dealing with difficult situations.
4. Creates a positive impression at all times; develops relationships through collaboration and reciprocity.
5. Invests in, nurtures and builds a network of productive relationships.
6. Respectful to others, regardless of their position, and earns the respect of others by being transparent.
7. Has care and concern for others and a genuine interest in others as people.
Diversity, inclusion and working differently
Diversity and inclusion is at the heart of our firm. At BCLP we aim to create an inclusive and inspirational culture where all our employees are valued, motivated and able to be themselves. BCLP is a firm with an increasingly flexible workforce and is supportive of flexible working arrangements, tailored to the individual, wherever possible.
Please feel free to speak to the Resourcing Team about the flexibility we are offering for this role.
Confidentiality
To ensure all hardcopy materials containing confidential information are securely stored and accessible only to those authorised to view such content.
To ensure all confidential information stored electronically is securely stored and accessible only to those authorised to view such content.
Disclosure
As a regulated firm of solicitors, Bryan Cave Leighton Paisner LLP (“BCLP”) is required to undertake appropriate vetting of staff. In addition to completion, by applicants who accept a job offer, of a regulatory questionnaire, BCLP uses a specialist provider to undertake professional verification and background checks (including through electronic data sources, and directly with employers and professional bodies/regulators) on our behalf. We will also undertake certain verifications ourselves.
BCLP adopts a risk-based approach to its vetting procedures, which are only undertaken with consent, and in accordance with its legal and regulatory obligations. For further details, please see our recruitment website: https://jobs.bclplaw.com/.