Security Analyst – Law Firm

Full Time Greater London IT Job Pro UK

My client, a Top Tier International firm, is recruiting for a Security Analyst to join their firm in Finsbury, London.

This role will report to the IT Security Manager. This role will work with the business and the wider information security team to ensure the appropriate controls, policies and procedures are in place to protect the information of the firm in line with internal information security principles (i.e. ISO27001 and CE+) as well as regulatory legislation.


• Deputise for the IT Security Manager as required;

• In conjunction with the Information Security Manager, develop and implement information security policies, standards and documentation ensuring compliance with all applicable legal or regulatory legislation;

• Work as an Information Security Auditor to define, maintain and implement an audit framework and schedule in compliance with Stephenson Harwood's security policies and standards;

• Maintain certification to ISO27001 and Cyber Essentials Plus against a backdrop of a growing firm and evolving regulations, technology and processes;

• Maintain the cyber incident management process and develop the appropriate document repositories, policy documents, operational schedules and processes;

• Ensure published policies are regularly reviewed and amended appropriately;

• Be actively involved in firm-wide projects and liaison with third party suppliers to ensure that IT and information security principles are adhered to, from inception to retirement;

• Complete client data requests and reporting relating to IT, information and cyber security;

• Drive and support an exceptions and waivers process ensuring exceptions are appropriately reviewed and action taken where relevant;

• Promote the firm's security policy, to ensure appropriate measures are taken to secure the firm's information and minimise security incidents;

• Drive and manage processes for reporting KPIs and other metrics in relation to risk, threats, vulnerabilities, compliance and performance;

• Conduct post-incident investigations and provide advice to address issues and/or amend procedures to enhance the Firm's information security protection;

• Assist with all security certifications to ensure compliance with applicable standards and regulations;

• Assist with the management and chairing of governance groups including the documentation and completion of actions;

• Maintain and manage the information security risk register, in conjunction with Risk and Compliance.

Attributes/Skills Required

• Solid experience in a legal or other professional services firm is preferred – ideally a partnership structure;

• Knowledge of Azure, encryption key management and cloud-based services such as M365 is essential;

• Experience of operating in a similar role within the framework of and adhering to requirements of ISO27001 and Cyber Essentials Plus or similar standards;

• Experience in preparing documentation and guidance for others is essential;

• Experience in related supplier management, with vendors and resellers;

• Experience of aligning technology solutions with best practice and IT security policies and guidelines.

Should you have any questions or wish to apply please do not hesitate to contact Clear Legal and Financial Recruitment.

Please Note: Due to the number of applications we receive, we may be unable to respond to every application directly. If you have not heard from us within 3 working days, please assume your application has been unsuccessful.
