Security Compliance Manager

Keen to become part of a truly global, collaborative team of professionals? Your journey begins here.

Job Title
Security Compliance Manager

Department
Information Security

Office Location
London

Reports To
Head of Information Risk

Working Hours
35 hours per week, 9:30am to 5:30pm but additional hours may be required. We are happy to consider agile and flexible working patterns.

Our approach to hybrid working allows for up to 40% of time working from home and 60% working in the office, please contact a member of the recruitment team to discuss further.

Firm Description
Hogan Lovells is one of the leading global law firms. Our distinctive market position is founded on our exceptional breadth of our practice, on deep industry knowledge, and on our 'one team' global approach. Formed through the combination of two top international law firms, Hogan Lovells has over 40 offices in the Americas, Asia-Pacific, Europe, the Middle East and Africa.

With a presence in the world's major financial and commercial markets, we are well placed to provide excellent business-oriented advice to our clients locally and internationally. Our people are the key to our success, which is why we seek to recruit and retain the most talented individuals in all regions of our global practice.

Department Description
The department is responsible for the use of Information Technology, computer systems and electronic communications throughout the firm and where appropriate to its clients.

Role Overview
Hogan Lovells is seeking an experienced Security Compliance Manager who will be responsible for coordinating and responding to external and internal security and compliance audit activities while managing the firm's ISO 27001 ISMS. They will represent the firm's security program to clients, manage ISO 27001 audits, and will also be responsible for managing security assessments and audits of key partners.

Key Responsibilities / Accountabilities

• Serve as the primary liaison between the firm and its clients for IT and security-centric inquiries.
• Maintain the firm's ISO 27001 ISMS and associated deliverables.
• Coordinate and maintain internal and external security assessment schedule.
• Manage security assessments, as required by the firm's clients and certification agencies.
• Manage security and compliance deliverables across multiple teams.
• Collaborate with internal and external stakeholders on controls and gap remediation.
• Maintain appropriate documentation and records in order to meet compliance requirements.
• Clearly explain our Security and Compliance program to clients and other third parties.
• Provide responses to customer security questionnaires and RFPs detailing firm capabilities.
• Develop recommendations to correct control deficiencies and provide ideas for process improvements.
• International travel may be required.

Specific duties or responsibilities may be reviewed from time to time to reflect changes in personnel and management structure, staff location or services.
All members of the firm participate in our Responsible Business program.
Person Specification
Qualifications And Training

• ISO 27001 Lead Auditor and / or extensive experience in working with ISO 27001 and related standards.
• Working knowledge of ISO 27001 and Cyber Essentials Plus requirements and controls.
• 5+ years of IT and Security audits or assessments, or related experience.
• Conceptual understanding of security best practices and solutions.

General Attributes

• Possess a sufficient understanding of technical concepts including systems, networks and security architecture best practices in order to effectively evaluate risk and assess the effectiveness of controls
• Knowledge of industry compliance standards, including ISO27001.
• Demonstrated written and oral communication skills and ability to communicate with all levels of management.
• Ability to interact effectively with, and influence, internal and external customers.
• Keen attention to detail and accuracy in order to analyse and finalise documents.
• Ability to build relationships and work cross-functionally with internal and external constituents.
• Broad knowledge of risk management, vulnerability management, and third party risk.
• Familiarity with control design, execution and monitoring, policies and procedures.

Agile Working Statement
Our goal is to embed flexibility across our business by giving everyone the opportunity to work in an agile way, whether as a regular pattern or on an ad hoc basis, and we will be happy to discuss this further.

Equal Opportunities Employment Statement
It is the policy of Hogan Lovells to provide equal opportunities for all employees in relation to recruitment, training and promotion. Decisions in these areas will be made only by reference to the requirements of the job and shall not be influenced by any consideration of racial or ethnic origin, religion, sex , gender and gender identity, age, sexual orientation, marital and civil partnership status, pregnancy or disability.

All vacancies are open to direct applicants. Recruitment agencies; please be advised that we have a preferred supplier list in place for all roles.