Information Security Assurance Specialist
Reporting to the Information Security Manager, the Information Security Assurance Specialist will play a pivotal role in strengthening the firm’s information security posture. The role requires identifying where security assurance testing of the firm’s systems and processes is required, commissioning the required tests from relevant suppliers, and managing their findings through to resolution. It also provides security assurance in relation to the IT project and change management lifecycles by identifying security requirements, reviewing project design documentation, and working with technical stakeholders to mitigate information security risks associated with technical change requests. The successful candidate will be a proactive and motivated individual with the ability to quickly grasp technical concepts and effectively communicate information security risks to a range of stakeholders. A strong background in information security within professional or financial services is essential.
Key Responsibilities
- Plan, scope, commission and oversee a wide range of technical assurance testing, including:
- Penetration tests of IT project deliverables as they approach release to production.
- The baseline annual penetration test of the firm’s core systems and IT infrastructure.
- Other offensive security testing, such as physical penetration tests and social engineering exercises (e.g. vishing), to provide assurance in relation to non‑technical security controls.
- Validate the findings arising from such tests with relevant subject matter experts, prioritise them based on risk, and manage them through to resolution (e.g. mitigation or risk acceptance).
- Work with the Technology department’s IT Architecture function to review design documentation for new (or significantly changed) IT solutions, embedding security requirements from the outset.
- Identify and assess the information security risks associated with technical change requests and represent information security perspectives at Technical Change Advisory Board (T‑CAB).
- Help drive continuous improvement and consistency in relation to security assurance, e.g. by:
- Helping to define what security testing the firm requires and when.
- Pre‑empting and pre‑defining typical information security requirements for projects.
- Assisting in managing the firm’s information security management system (ISMS), including maintaining policies, producing management reports, and supporting compliance activities.
Candidate Profile
- Strong experience in an information security or technical cyber security role, ideally within a regulated environment or an organisation aligned to ISO 27001.
- Strong knowledge of ISO 27001 and Cyber Essentials Plus standards.
- A self‑motivated, results‑driven mindset with a strong sense of ownership and accountability.
- Excellent organisational skills, with the ability to prioritise effectively in a fast‑paced environment.
- Intellectual curiosity and a commitment to continuous improvement, including researching new ideas and validating them through testing.
- Proven ability to collaborate effectively, build strong professional relationships, and communicate confidently with senior leadership.
Seniority Level
Associate
Employment Type
Full-time
Job Function
Information Technology
Industry
Law Practice
#J-18808-Ljbffr