Information Security Officer

Information Security Officer

The following information aims to provide potential candidates with a better understanding of the requirements for this role.

Hybrid working: 3 days per week required in the office in London.

DGH Recruitment are currently recruiting on behalf of a leading global law firm who are looking for an Information Security Officer to join the team on a permanent basis.

The Information Security Officer will play a key role in ensuring the security of my clients systems and data by evaluating the risks associated with third-party vendors and internal projects and then recommending appropriate risk mitigation strategies.

Responsibilities:

- Conduct vendor risk assessments and project security risk assessments based on established methodologies and frameworks.

- Evaluate security risks associated with third-party vendors and internal projects, considering factors such as security, privacy, and compliance.

- Ensure compliance with security policies, standards, and procedures in vendor relationships and project activities.

- Develop and maintain security assessment frameworks and methodologies for vendor risk assessments and project security risk assessments.

- Conduct periodic reviews and audits to ensure compliance with security policies, standards, and regulatory requirements.

- Support the development and enforcement of security policies, standards, and procedures related to vendor management and project security.

- Support Security audit activities conducted by Internal audit, clients and certification bodies e.g. ISO27001

- Provide security awareness training and guidance to staff as required.

Required Skills / Experience:

- Professional certifications such as CISA, CISM, CISSP or similar credentials are preferred.

- Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).

- Experience in co-ordinating and participating in Security audits.

- Experience in conducting vendor risk assessments and project security risk assessments

Information Security Officer