Overview

Security Specialist – Innovation

Location : London - Bishops Square

We are currently recruiting for a Security Specialist – Innovation to join our Information Security team in London.  The role is a key member of the Global Information Security team and is focused on six outcomes:
 

  1. Know the solution providers
Take time to build relationships with the legal innovation solution providers and to understand their technologies and security challenges. Provide awareness training sessions concerning security good practice and enthuse and promote the benefits of good information and cyber security amongst the solution provider cohort.

 

  1. Track new legal innovation projects and sign off security postures
Maintain an accurate view of all the legal innovation projects and their status within the security by design process such that each project has i) An associated documented IS risk assessment ii) An associated documented IS controls framework definition iii) Security sign off for their risk assessments and controls definitions when both reach the appropriate level of quality and effectiveness.

 

  1. Track live legal innovation services and assure security postures
Maintain an accurate view of all the legal innovation services in operation and perform regular assurance checks to ensure the appropriate security controls remain in place.

 

  1. Provide risk assessment and control definition assistance and best practice
Provide technical teams within legal innovation and across IT with guidance and input concerning good practice when conducting risk assessments help the teams to produce good insightful effective risk assessments. When necessary do this in order to provide examples. Further provide guidance and input concerning good practice when defining IS controls in order that solution control definitions are effective particularly with regards to managing the risks associated with the individual solution.

 

  1. Curate the IS risk assessment and controls definition methods
Own and manage and mature IS risk assessment method for legal innovation including the production of standardised risk libraries as the method become more mature. Ensure “how to” documentation is available and that training is also available. Own and manage and mature the controls definition method for legal innovation including the production of standardised control libraries as the method becomes more mature. Ensure “how to” documentation is available and that training is also available.

 

  1. Manage independent assurance (pen test) before legal innovation projects go live
Organise and manage pen tests and subsequent security remediation.

Role and responsibilities

  • Know the solution providers.
  • Track new legal innovation projects and sign off security postures.
  • Track live legal innovation services and assure security postures.
  • Provide risk assessment and control definition assistance and best practice.
  • Curate the IS risk assessment and controls definition methods
  • Manage independent assurance (pen test) before legal innovation projects go live

Key requirements

  • Demonstrate experience of IT security and IT infrastructure security and in particular cloud security architecture approaches for Microsoft Azure.
  • Be educated to degree level ideally in Computing Science or Information Security or Cyber Security.
  • Be familiar with IS risk assessment and the process of documenting and evaluating IS risks in conjunction with designing technical security controls to manage the risk.
  • Demonstrate energy and tenacity and the ability to deliver in time critical and sometimes demanding situations.
  • Have an implicit sense of placing technology and data risk in a business context by pro-actively developing a sound understanding of how the business harnesses data and technology.
  • Be an effective problem solver and be able to work with technical teams locally and globally.
  • Position the benefits of good security and champion the security perspective particularly in advance of signing off risks assessments and controls definitions.

Allen & Overy LLP is committed to being an inclusive employer and we are happy to consider flexible working arrangements. INDSJ