Skip to main content

Information Security Specialist (1900000N)

Posted: 9 Jul 2019 Closes: 17 Dec 2019
Snow Hill Birmingham Two Snowhill Birmingham B4 6WR
Variable 1900000N

Information Security Specialist - (1900000N)


About Gowling WLG

We have more than 1,400 legal professionals working around the world. Our offices span across 19 cities in Canada, the UK, Continental Europe, Asia and the Middle East. There's strength in our global presence – we embrace our differing cultures and work together as one team. We also understand the importance of investing in relationships that build knowledge and trust, while we provide legal advice that's tailored to our clients' world.

'Our people and distinct culture are what makes us different. We know this through client and employee feedback and this drives everything we do'' Chris Oglethorpe, HR Director.

There are great opportunities for all our people to flourish. Through training and personal development they can grow in their role. Our people are the cornerstone of our success, across legal, business support and early talent. We care about their happiness and believe in the power of teamwork. We want them to feel empowered and recognise that by supporting, respecting and embracing everyone's different contributions we achieve more.

Working flexibly, working fairly

Agile working offers people more freedom and flexibility in where, when, and how they work. As technology advances and our workforce becomes more diverse – and with clients often working to a 24/7 rhythm – having extra flexibility is key to helping us balance work and other commitments sensibly and productively.

By supporting people to choose where and when they get their work done, we help them to make a full and fair contribution to their team – while maintaining that all important work-life balance.

Where possible and depending on business needs, we will consider all flexible working options such as part-time working, job sharing, working from home and staggered hours. If in considering a role with Gowling WLG you favour flexibility in your working arrangements, please discuss this with the recruitment team in the early stages of the application process.

Main Purpose of the Job

This is a dynamic role combining security solution design, implementation, assurance and review activities with standards, policy and procedure development.

Strong analytical, information security and application security skills are required along with a technical understanding of the practical application of information security controls within legal services firms.

Main Duties and Responsibilities

To act as an Information Security Specialist for Gowling WLG’s by:

Working with suppliers' support teams and relevant user groups to ensure strong, relevant and up-to-date product knowledge and helping to transfer this knowledge to other members of the IT teams

Understanding technology trends and the practical application of existing, new, and emerging technologies to enable new and evolving operating processes for the business

Analysing the technology industry, competitors and market trends, and determining (and sharing) their potential impact on core technology for the business

Working with the Business Change team to deliver projects including any system upgrades and enabling security - working collaboratively with all colleagues throughout all stages of implementation through to user acceptance and ongoing support and maintenance

Observing good data governance, system controls and documentation as per the firm’s policies

Ensuring that system setup, configuration records and processes are documented and kept up to date

Consulting with Enterprise and Solution Architects to ensure development projects fit systems/infrastructure architecture, and identifying when it is necessary to modify projects to accommodate the systems/infrastructure architecture for security purposes

Provide technical advice and guidance on IT security related requests

Consulting with the Information Security Officer to ensure that any proposed software developments or changes do not compromise the security of the firm’s data

understanding security requirements and issues, and identifying encryption and controls needed to protect information

adhering to privacy by design principles, enabling use of test data, pseudonymisation and encryption at rest, ability to delete data

building in full auditing and error logging to any applications or customisations

ability to output logs of security events to security monitoring software

prioritising security above functionality and performance, whilst being pragmatic and taking a risk based approach

Liaising with external providers to resolve any issues in the functionality and interoperability of new applications, infrastructure and other services with existing IT systems

Participating in 8am to 8pm Service Delivery service provision shifts as necessary

Participating in 8pm to 8am Service Delivery Out-of-Hours Support (OHS) service provision team(s) as an OHS consultant

To promote the chosen subject matter area by:

Being known as the expert and sharing knowledge readily

Creating a ‘brand’ awareness

Developing and maintaining business user and vendor relations

Developing and maintaining best practices and standards

Instilling a positive work environment

Facilitating effective staff development (especially Subject Matter Analysts)

Communicating regularly with all levels of management

Demonstrating the willingness and ability and to take a ‘product owner’ approach to areas of expertise

Support Information & Cyber Security function

Provides security consultancy/advice as needed

Ensures that documentation of the supported components is available and in an appropriate format

Identifies operational problems and accountable for their resolution in accordance with agreed standards and procedures

Provides reports and proposals for improvement

Input into due diligence and relationship management of 3rd party vendors’ security

Support of Threat Detection and Prevention function

Develops new detective and investigative capabilities

Maintains knowledge of security laws, principles and best practices. Must remain current with emerging threats and trends

Performs data analysis and threat research

Supports security risk and vulnerability assessments for defined business applications

Support of Security Infrastructure

Manages processes relating to the installation, maintenance and operation of security infrastructure including firewalls, anti-virus and IPS

Responsible for the implementation of agreed changes

Regularly reviewing infrastructure to ensure best practices are being followed and where necessary to escalate problems/issues (process or compliance) as necessary

Input into technology designs to ensure security standards are adhered to

Enforcing role based access control

Incident handling

Initiates and monitors actions to investigate and resolve problems in systems and services.

Responsible for the implementation of agreed
remedies and preventative measures.

Ensures that incidents and requests are handled according to agreed procedures

Investigates identified security breaches in accordance with established procedures and responsible for applying the appropriate remediation

Conducts forensic investigations for HR, Legal, or incident response related activities


Leads information security related projects

Evaluates new security technologies and products and performs engineer-level work and analysis to determine if solutions should be pursued

Provides security consultancy/advice as needed to operational and project teams

Validates that proposed solutions are acceptable from a security standpoint


Key skills and experience

Required skills:

At least one of CISM, CISSP, CIPP (or other similar certification)

Degree level education or equivalent experience

Experience of people management

Knowledge of network protocols, network hardware, web technologies and hacking techniques

Experience managing identity and access management

Working knowledge of security systems and appliances (Cisco, proxies, endpoint controls, IDS/IPS, DLP, SIEM, vulnerability assessment tools, etc.)

Demonstrated technical understanding of IT infrastructure, applications, data storage and design concepts

Demonstrated technical understanding of cloud services architecture and multi-tenant connectivity solutions

Excellent customer facing, presentation, interpersonal and communication skills, with an ability to share expertise with others

Experience of working in technical and complex change programs

Ability to set and manage priorities judiciously

Exceptionally self-motivated, directed and detail-oriented

Superior analytical, evaluative and problem-solving abilities

Able to adapt to changing circumstances effectively

Ideally a graduate qualified in computer science/information systems/related fields and/or

Three or more years of IT and Business User experience, with sensitivity and commitment to business problem solving - ideally experience of working with a range of technologies (including Microsoft) within business/operations areas of the legal profession or other professional services, with a global component

A minimum of two years of demonstrated competency in a subject matter expert role involving maintaining and improving existing IT/Information systems, solutions and services along with the successful execution of multiple projects for new systems, solutions and services including

strong knowledge of subject matter concepts, patterns and practices

in-depth knowledge of subject matter and its future direction

enterprise IT support experience (ideally on a large scale)

coordinating testing efforts to identify and resolve any system integration issues

ideally experience of Agile or iterative development methodologies (such as DevOps)

Excellent planning and organisational skills

preparing proposals that are acceptable to the technical and business areas

ability to provide reliable work estimates

Excellent understanding of current and emerging technologies and how other enterprises are employing them to drive digital business – with a focus on end-user needs

Excellent written and verbal communication skills, with the ability to effectively communicate technical concepts to non-technical people at all levels

comfortable dealing with key customer decision makers such as IT Directors, project managers and business staff

strong technical writing ability

ability to assist with delivering consultancy and technical advice

Strong analytical, diagnostic and problem-solving skills with the ability to absorb new information quickly

Ability to excel in a fast-paced, ambiguous, and evolving marketplace

Methodical with excellent attention to detail

Ability to adapt to various internal and external situations and deliver high quality service

Team player, providing support to colleagues and managers and working with teams across the firm

Flexible approach with a customer and business focus

Experience of working within a matrix organisation, including reporting into a number of people including technical line managers and project managers

Evidence demonstrating ability to work efficiently and effectively under pressure of deadlines including expertise in prioritising competing workloads

Equal Opportunities

Gowling WLG is committed both to promoting equality and diversity in the firm and to Equal Opportunities in employment. The firm believes in equality of opportunity regardless of race or racial group (including colour, nationality, ethnicity, national origins), religion or belief, age, disability, sexual orientation, sex, gender re-assignment and gender identity, marriage and civil partnership, and pregnancy, maternity and paternity. This also includes any incidents of perceptive or associative discrimination and harassment.

At Gowling WLG we seek to attract and retain talented people from a diverse range of backgrounds and cultures, to create an exciting and rewarding place to work. Our aim is to fulfil everyone's potential and together to achieve personal and business goals.

Job: IT

Organisation: Business Services

Schedule: Full-time

Employee status: Regular

Shift: Day Job

Gowling WLG

Share Job