Skip to main content

Information Security Specialist (1900000N)

Posted: 9 Jul 2019 Closes: 17 Sep 2019
Snow Hill Birmingham Two Snowhill Birmingham B4 6WR
Variable 1900000N

Information Security Specialist - (1900000N)

Description







About Gowling WLG



We have more than 1,400 legal professionals working around the world. Our offices span across 19 cities in Canada, the UK, Continental Europe, Asia and the Middle East. There's strength in our global presence – we embrace our differing cultures and work together as one team. We also understand the importance of investing in relationships that build knowledge and trust, while we provide legal advice that's tailored to our clients' world.



'Our people and distinct culture are what makes us different. We know this through client and employee feedback and this drives everything we do'' Chris Oglethorpe, HR Director.



There are great opportunities for all our people to flourish. Through training and personal development they can grow in their role. Our people are the cornerstone of our success, across legal, business support and early talent. We care about their happiness and believe in the power of teamwork. We want them to feel empowered and recognise that by supporting, respecting and embracing everyone's different contributions we achieve more.



Working flexibly, working fairly



Agile working offers people more freedom and flexibility in where, when, and how they work. As technology advances and our workforce becomes more diverse – and with clients often working to a 24/7 rhythm – having extra flexibility is key to helping us balance work and other commitments sensibly and productively.



By supporting people to choose where and when they get their work done, we help them to make a full and fair contribution to their team – while maintaining that all important work-life balance.



Where possible and depending on business needs, we will consider all flexible working options such as part-time working, job sharing, working from home and staggered hours. If in considering a role with Gowling WLG you favour flexibility in your working arrangements, please discuss this with the recruitment team in the early stages of the application process.



Main Purpose of the Job



This is a dynamic role combining security solution design, implementation, assurance and review activities with standards, policy and procedure development.



Strong analytical, information security and application security skills are required along with a technical understanding of the practical application of information security controls within legal services firms.



Main Duties and Responsibilities

To act as an Information Security Specialist for Gowling WLG’s by:



Working with suppliers' support teams and relevant user groups to ensure strong, relevant and up-to-date product knowledge and helping to transfer this knowledge to other members of the IT teams


Understanding technology trends and the practical application of existing, new, and emerging technologies to enable new and evolving operating processes for the business


Analysing the technology industry, competitors and market trends, and determining (and sharing) their potential impact on core technology for the business


Working with the Business Change team to deliver projects including any system upgrades and enabling security - working collaboratively with all colleagues throughout all stages of implementation through to user acceptance and ongoing support and maintenance


Observing good data governance, system controls and documentation as per the firm’s policies


Ensuring that system setup, configuration records and processes are documented and kept up to date


Consulting with Enterprise and Solution Architects to ensure development projects fit systems/infrastructure architecture, and identifying when it is necessary to modify projects to accommodate the systems/infrastructure architecture for security purposes


Provide technical advice and guidance on IT security related requests


Consulting with the Information Security Officer to ensure that any proposed software developments or changes do not compromise the security of the firm’s data


understanding security requirements and issues, and identifying encryption and controls needed to protect information


adhering to privacy by design principles, enabling use of test data, pseudonymisation and encryption at rest, ability to delete data


building in full auditing and error logging to any applications or customisations


ability to output logs of security events to security monitoring software


prioritising security above functionality and performance, whilst being pragmatic and taking a risk based approach


Liaising with external providers to resolve any issues in the functionality and interoperability of new applications, infrastructure and other services with existing IT systems


Participating in 8am to 8pm Service Delivery service provision shifts as necessary


Participating in 8pm to 8am Service Delivery Out-of-Hours Support (OHS) service provision team(s) as an OHS consultant




To promote the chosen subject matter area by:

Being known as the expert and sharing knowledge readily


Creating a ‘brand’ awareness


Developing and maintaining business user and vendor relations


Developing and maintaining best practices and standards


Instilling a positive work environment


Facilitating effective staff development (especially Subject Matter Analysts)


Communicating regularly with all levels of management


Demonstrating the willingness and ability and to take a ‘product owner’ approach to areas of expertise




Support Information & Cyber Security function

Provides security consultancy/advice as needed


Ensures that documentation of the supported components is available and in an appropriate format


Identifies operational problems and accountable for their resolution in accordance with agreed standards and procedures


Provides reports and proposals for improvement


Input into due diligence and relationship management of 3rd party vendors’ security




Support of Threat Detection and Prevention function

Develops new detective and investigative capabilities


Maintains knowledge of security laws, principles and best practices. Must remain current with emerging threats and trends


Performs data analysis and threat research


Supports security risk and vulnerability assessments for defined business applications




Support of Security Infrastructure

Manages processes relating to the installation, maintenance and operation of security infrastructure including firewalls, anti-virus and IPS


Responsible for the implementation of agreed changes


Regularly reviewing infrastructure to ensure best practices are being followed and where necessary to escalate problems/issues (process or compliance) as necessary


Input into technology designs to ensure security standards are adhered to


Enforcing role based access control




Incident handling

Initiates and monitors actions to investigate and resolve problems in systems and services.


Responsible for the implementation of agreed
remedies and preventative measures.

Ensures that incidents and requests are handled according to agreed procedures


Investigates identified security breaches in accordance with established procedures and responsible for applying the appropriate remediation


Conducts forensic investigations for HR, Legal, or incident response related activities




Projects



Leads information security related projects


Evaluates new security technologies and products and performs engineer-level work and analysis to determine if solutions should be pursued


Provides security consultancy/advice as needed to operational and project teams


Validates that proposed solutions are acceptable from a security standpoint






Qualifications




Key skills and experience

Required skills:

At least one of CISM, CISSP, CIPP (or other similar certification)


Degree level education or equivalent experience


Experience of people management


Knowledge of network protocols, network hardware, web technologies and hacking techniques


Experience managing identity and access management


Working knowledge of security systems and appliances (Cisco, proxies, endpoint controls, IDS/IPS, DLP, SIEM, vulnerability assessment tools, etc.)


Demonstrated technical understanding of IT infrastructure, applications, data storage and design concepts


Demonstrated technical understanding of cloud services architecture and multi-tenant connectivity solutions


Excellent customer facing, presentation, interpersonal and communication skills, with an ability to share expertise with others


Experience of working in technical and complex change programs


Ability to set and manage priorities judiciously


Exceptionally self-motivated, directed and detail-oriented


Superior analytical, evaluative and problem-solving abilities


Able to adapt to changing circumstances effectively


Ideally a graduate qualified in computer science/information systems/related fields and/or




Three or more years of IT and Business User experience, with sensitivity and commitment to business problem solving - ideally experience of working with a range of technologies (including Microsoft) within business/operations areas of the legal profession or other professional services, with a global component




A minimum of two years of demonstrated competency in a subject matter expert role involving maintaining and improving existing IT/Information systems, solutions and services along with the successful execution of multiple projects for new systems, solutions and services including

strong knowledge of subject matter concepts, patterns and practices


in-depth knowledge of subject matter and its future direction


enterprise IT support experience (ideally on a large scale)


coordinating testing efforts to identify and resolve any system integration issues


ideally experience of Agile or iterative development methodologies (such as DevOps)


Excellent planning and organisational skills


preparing proposals that are acceptable to the technical and business areas


ability to provide reliable work estimates


Excellent understanding of current and emerging technologies and how other enterprises are employing them to drive digital business – with a focus on end-user needs


Excellent written and verbal communication skills, with the ability to effectively communicate technical concepts to non-technical people at all levels


comfortable dealing with key customer decision makers such as IT Directors, project managers and business staff


strong technical writing ability


ability to assist with delivering consultancy and technical advice


Strong analytical, diagnostic and problem-solving skills with the ability to absorb new information quickly


Ability to excel in a fast-paced, ambiguous, and evolving marketplace


Methodical with excellent attention to detail


Ability to adapt to various internal and external situations and deliver high quality service


Team player, providing support to colleagues and managers and working with teams across the firm


Flexible approach with a customer and business focus


Experience of working within a matrix organisation, including reporting into a number of people including technical line managers and project managers


Evidence demonstrating ability to work efficiently and effectively under pressure of deadlines including expertise in prioritising competing workloads




Equal Opportunities



Gowling WLG is committed both to promoting equality and diversity in the firm and to Equal Opportunities in employment. The firm believes in equality of opportunity regardless of race or racial group (including colour, nationality, ethnicity, national origins), religion or belief, age, disability, sexual orientation, sex, gender re-assignment and gender identity, marriage and civil partnership, and pregnancy, maternity and paternity. This also includes any incidents of perceptive or associative discrimination and harassment.




At Gowling WLG we seek to attract and retain talented people from a diverse range of backgrounds and cultures, to create an exciting and rewarding place to work. Our aim is to fulfil everyone's potential and together to achieve personal and business goals.









Job: IT

Organisation: Business Services

Schedule: Full-time

Employee status: Regular

Shift: Day Job

Gowling WLG

Share Job