Information Security Analyst
Unit No. 3, First Floor, Ambience Corporate Tower II, Plot No. 3, Ambience Island, NH-8, Gurgaon, Haryana, India
Head of Information Security (via local line management)
Clifford Chance is one of the world's leading law firms, helping clients achieve their goals by combining the highest global standards with local expertise. The firm has unrivalled scale and depth of legal resources across the three key markets of the Americas, Asia and Europe and focuses on the core areas of commercial activity: capital markets; corporate and M&A; finance and banking; real estate; tax; pensions and employment; litigation and dispute resolution.
Alongside world-class legal careers, Clifford Chance offers excellent opportunities in the support functions that underpin its business operations. By joining us in business services, you will help us to innovate in the way we deliver our services and enable us to run a successful multinational business that never stands still. Business services are integral to the running of the firm and are critical to its success.
Clifford Chance Business Services (CCBS) provides a wide range of IT Enabled Services to its client/parent company, Clifford Chance LLP.
Having grown steadily over ten years, the company employs around 500 highly skilled and experienced professionals, enabling the organization to successfully support its client in the following areas:
- Information Technology
- Administration and Research
- Legal Support Centre
- Document Production Unit
- Project Management and Continuous Improvement
Clifford Chance is not alone in facing increasing cyber security threats and information risks, along with heightened client scrutiny of our information security controls. The Information Security team has an important remit to provide governance, coordination and leadership across these areas, drive continuous improvement, and provide assurance to our clients. We are a small team that works closely with our colleagues in Cyber Security, all other parts of IT and right across the firm globally.
This is a new role, reporting to the Head of Information Security, and requires a fast-learning and self-motivated individual to add capability and capacity to our small team.
Information Security is evolving to meet dynamic business needs, a rapidly changing threat environment, and the firm's own ambitious IT Strategy. This role will play a key part in implementing and improving the underlying processes required to provide a structured, systematic and audited approach to Information Security across the firm. The role will have clear areas of focus combined with periodic involvement in a broad spectrum of information security activities.
The key tasks and responsibilities include, but are not limited to, the following:
- Work with the Head of Information Security and the Information Security leadership team to create and agree an improved structure and roadmap for conducting information security risk assessments, including:
  - Reviewing and advising internal projects and initiatives;
  - Reviewing external service providers and data custodians;
  - Agreement of ownership, associated tracking, follow-ups, and management reporting.
- Partner with key roles within the firm to assist and develop enhanced security models and defined risk tolerances, e.g. in the areas of identity management, compliance monitoring, and data governance.
- Assist in developing IT Risk tools and techniques to support the developing IT strategy, including the management of risks relating to outsourcing, third-party hosting, cloud vendors, and consumerisation challenges.
- Operation of the 3rd-party security vendor management processes and associated auditing of vendors, working in partnership with the Procurement and Business Risk functions through our centralised 3rd-party vendor management platform, Fusion.
- Work with the Information Security leadership to process ad-hoc requests as and when required.
- Assist in developing IT Disaster Recovery and Business Continuity Planning through our centralised system Fusion and processing any DR requests.
- Support the firm's wider security strategy and programme by assisting the Head of Information Security where needed, e.g. helping to carry out threat monitoring, research, and elements of policy change and programme delivery.
- Participate in the evaluation, selection and implementation of security products and technologies.
- Provide support and cover for certain time-critical elements of IT Risk team responsibilities, such as incident management and security investigations.
- Support the firm's ISO27001-certified ISMS through risk assessment work, assistance during audits, documentation, and other continuous improvement activities.
- Development of the firm's Trust Centre to include SOC2, Cyber Essentials and the expansion of our ISO27001 ISMS.
- Process any system alerting data from non-cyber-based systems in order to carry out security-related investigations, working alongside both Business Risk and Compliance.
- Plan, organise and deliver a series of security penetration tests (some regular, some ad-hoc) by working with external suppliers and internal applications & infrastructure colleagues.
- Work with external/client auditors as required.
- Maintain an awareness of current and developing threats and reflect these back into the risk management processes.
- Assist with Security Awareness initiatives.
- Assist with KPI collation and analysis.
- Plan and carry out audits on the firm's suppliers in line with both our ISO 27001 commitments and procurement/vendor approach.
- Assist where required with any security-related incidents and investigations.

Key Requirements
The candidate must have experience of performing information security risk assessments, ideally with knowledge of ISO27001, SANS20 and NIST cyber security frameworks. They should be able to rapidly assimilate technical information to assess and document risks, have the knowledge and skills to engage with different levels of seniority, balance the need to obtain information with provision of support and advice, and continually demonstrate how IT Risk supports the firm's business objectives and our clients' need for information assurance. They should be able to apply an organised approach to managing and prioritising multiple concurrent assignments.
Although no formal qualifications are mandated, the successful candidate is likely to be degree educated and have one or more of the following: ISO27001 Lead Auditor/Lead Implementer, CISSP, CISA, CISM, CCSK or CRISC.
It is essential that the successful candidate is a self-starter with an inquisitive, pragmatic and flexible approach backed by the tenacity to pursue enquiries through to a timely conclusion. It will be important to remain focussed on the strategic goals whilst maintaining an eye for detail.
The role may bring the candidate into contact with sensitive information and, as such, the ability to press ahead to a pragmatic conclusion whilst exhibiting the utmost discretion is important.
Experience in developing and using structured documentation (process, format, logical content, version control, etc.) is also important.
It is the Firm's policy to treat all employees and job applicants fairly and equally regardless of their gender, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age. Furthermore, the Firm will ensure that no requirement or condition will be imposed without justification which could disadvantage individuals purely on any of the above grounds.
The policy applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment.
The Firm will regularly review its procedures and selection criteria to ensure that individuals are selected, promoted and otherwise treated according to their relevant individual abilities and merits.
The firm is committed to the implementation of this policy and to a programme of action to ensure that the policy is, and continues to be, fully effective. All staff are required to comply with the policy and to act in accordance with its objectives so as to remove any barriers to equal opportunity. Any act of discrimination by employees or any failure to comply with the terms of the policy will result in disciplinary action.
South Asia-India-Clifford Chance, Delhi
Feb 17, 2020
Job function: Information Technology
Industries: Staffing and Recruiting, Law Practice, Financial Services