Information Security Assistant

Make a Real Impact

Bevan Brittan is a leading commercial law firm. Alongside our recognised expertise in housing, local government, and health and social care, we are specialists in the construction, energy and resource management, higher education and financial services sectors.

Supported by our valued business services professionals, our award-winning and growing legal teams provide almost 2,000 organisations with commercial, corporate, property, finance, regulatory, employment and litigation (commercial and clinical negligence) legal and advisory services.

As a responsible business, we embrace four values: Relationships, Reputation, Responsible and Results. These give us a sense of purpose. They influence the decisions we make and how we work with each other. Importantly, they motivate us to deliver meaningful outcomes for our clients and the communities that we're part of.

Consistently recognised as one of The Times Best Law Firms and highly ranked across the legal directories, we are proud of our hard-earned reputation. Our 2023/24 financial results confirmed both revenue and profit growth for an eleventh consecutive year, ensuring our ability to continue investing in our people.

Looking to the future, we're targeting ambitious growth and success. And we're looking for the best people to be part of it.

Join a team of experts and progressive thinkers

The successful candidate will join Bevan Brittan's growing Risk & Best Practice (R&BP) team. Whilst the team is based in Bristol, suitable candidates based in the Birmingham or Leeds areas would also be considered. The team is responsible for operating, maintaining and monitoring the firm's Management System (ISO 9001, ISO 27001, ISO 22301 and ISO 14001), ensuring firm-wide compliance with legal and regulatory requirements and promoting Best Practice within the firm and by third parties working with the firm.

Current R&BP team members include:

• Director of Risk
  : A board member and head of the R&BP team, has overall responsibility for Best Practice, Information Security and Environmental Management at strategic level.
• R&BP Solicitors:
  Provide a front-line risk and regulatory advice service to the firm, and the firm's management.
• Information Security Manager (CISM)
  : Oversees the day-to-day operation and maintenance of the firm's Management System (ISO 9001, ISO 27001 and ISO 14001), plus the firm's Cyber Security and Business Continuity/Disaster Recovery (BC/DR) improvement programmes.
• R&BP Assistants
  : Provide administrative support to the R&BP team, including the logging of information security and data protection incidents, and assisting the R&BP Solicitor and CISM with the management of the firm's internal and external audit programmes.
• Due Diligence Officers
  : Support solicitors with the onboarding of new clients, including compliance with our obligations under the Money Laundering Regulations

The role

As the firm's ISO management system continues to evolve, the Information Security Assistant will support the CISM and contribute to the team by carrying out the following key tasks:

Supporting the Information Security Manager (CISM):

• Maintenance of the firm's ISO Management System, including preparing for our annual ISO audits, setting up interviews with audit participants, and dealing with invoicing and other administrative aspects associated with the audits, (including following up and closing out agreed audit actions)
• Collating information for and completion of Information Security (InfoSec) and Cyber Security (CyberSec) questionnaires received from clients.
• Rolling out InfoSec/CyberSec training across the firm and ensuring completion of outstanding training
• Contributing to InfoSec//CyberSec related change projects, and handling day-to-day queries
• Coordinating meetings of internal stakeholders to drive improvements in compliance in InfoSec and CyberSec policies, processes and procedures and address specific InfoSec/CyberSec issues.
• Assisting with the testing of Business Continuity plans, and Business Impact Assessment (BIA) across the firm, with a view to the firm achieving ISO business continuity) in due course.
• Undertaking such other duties as may be required within the general scope of the role

General Risk & Best Practice Support

• Providing additional support to the R&BP team.
• Dealing with emails and calls relating to client queries and complaints.
• Preparing and publishing intranet news items for the R&BP team.
• Updating R&BP team policies and guidance on the Know How database, and updating relevant links on the intranet
• Creation of new internal approval processes using HighQ Collaborate.

What we are looking for from you

The successful candidate will have:

• A careful, methodical approach with excellent attention to detail and strong personal organisation to ensure that issues are followed through and closed out.
• The ability to prioritise work (and reprioritise where urgent issues arise), deliver to pace and to deadlines,
• The ability to work independently and on their own initiative, being ambitious for improvement across the firm, but mindful of, & subject to the priorities set by the Director of Risk and the wider firm strategy.
• Ability to develop and build upon strong relationships with key stakeholders within the firm
• Excellent written and verbal communication skills.
• The ability to identify improvements to working practices within the R&BP team so as to maximise efficiency.
• Ability to take ownership of tasks and manage own workload to meet deadlines, identifying any risks to agreed deadlines and addressing these proactively.
• Ability to deliver work of a high quality, whilst ensuring that time allocated to particular tasks is proportionate.
• Proactive, self-motivated and flexible approach.
• In dealings with external third parties, being an effective ambassador and advocate for the firm, its culture and values.

Whilst not a requirement, the following would also be an advantage:

• Relevant experience of working in a business involved in the provision of legal services
• Experience in ISO management systems and accreditations and/or Lexcel
• Familiarity with Microsoft applications (Outlook, Word, Excel, PowerPoint, SharePoint Designer and Visio).
• Good working understanding of IT systems (including document management systems such as FileSite/iManage, finance systems such as 3E, case management systems such as MatterSphere, online training systems such as VinciWorks, and cloud-based content-sharing sites such as HighQ Collaborate).
• Awareness of the key principles of GDPR, Information Security and Quality Management