Information Security Governance

Forvis Mazars
is a leading global professional services network providing audit & assurance, tax, and advisory services. Forvis Mazars in the UK spans 14 offices across the nation and has over 3,400 professionals, with 190 partners. We have a clear purpose and a shared commitment to shape a better future.

You'll join a collaborative and inclusive team where you're supported to grow your skills, explore new opportunities, and contribute from day one. You'll work with a diverse client base, develop meaningful connections, and gain experience that extends beyond your local team. Together, we
grow
,
belong
and
impact
.

About the team

Our Information Security function is fundamental to enabling our firm to succeed. Working with innovative business partners and technology, they are responsible for designing, implementing, and managing security solutions to mitigate risk, ensuring the protection of sensitive data, systems, and applications. The team is embedded within the wider IT team, providing IT services to around 4,000 users, across 20 locations, based predominantly in the UK.

The Information Security Governance team collaborates closely with both business support teams and the firm's client facing service lines. The team will frequently engage with clients, suppliers, and other third-parties, supporting security assurance activities, compliance, risk management of suppliers, and maintenance of security certifications and accreditations.

The team develops and implements Information Security policies, standards, and procedures, communicating them to all employees through the management of an extensive Information Security Awareness Program. They provide oversight of IT & Information Security controls and ensure integration with Enterprise Risk Management. They monitor and collate considered security metrics and manage robust reporting mechanisms, ensuring executive visibility of IT & Information Security risk.

About the role

The Information Security Governance Analyst is a key role within our IT Security & Governance Team, working to protect Forvis Mazars' information, information systems and those of Forvis Mazars' clients. The responsibilities will include:

• Supporting the maintenance of the Cyber Essential Plus and ISO 27001 certification activities.
• Supporting and managing the Third-Party Risk Management (TPRM) processes, assessing all new and existing supplier risk.
• Responding to inbound It & Security due diligence requests from clients.
• Performing and coordinating risk and control assessments across IT and Information Security.
• Supporting the Security Business Partner in the design and implementation of an Information Security Awareness Program, including security training and phishing exercises.
• Collating and reporting on key Information Security metrics such as KPI's, and KRI's, supporting wider Information Security reporting efforts.
• Supporting Information Security Committees and Forums.

Who are we looking for?

• This role is suitable for someone looking for a career in Governance, Risk, and Compliance (GRC). Experience is not required; however, you should understand fundamental information security principles, concepts, and processes.
• A proactive, self-motivated, and highly professional individual, with strong stakeholder relationship skills.
• Excellent verbal and written communication skills to effectively communicate with stakeholders.
• Exceptional organisational skills, with the ability to efficiently coordinate and prioritise multiple processes within a dynamic information security environment.
• Analytical skills to evaluate risks and support the identification of vulnerabilities.
• Strong interpersonal abilities, fostering relationships and collaborating effectively with the wider IT function.
• Proficient in English (spoken and written), with the ability to communicate effectively in a professional environment.
• Formal qualification in Information Technology, Information Security or a related field. (Bachelors degree in IT or Cyber Security related field, Security+, CISM, CRISC, CISA, CISSP)

If you're excited about this role but don't meet every requirement, we still encourage you to apply, we'd love to hear from you.

Diversity, Equity & Inclusion

At Forvis Mazars diversity, equity and inclusion are central to our values. We value our people's unique backgrounds, perspectives, and experience, and know this diversity create better outcomes for our clients.

We seek to attract, develop, and retain the best talent, inclusive of sex, ethnicity, disability, socio-economic background, sexual orientation, gender identity, nationality, and faith.

We select candidates based on skills, knowledge, qualifications, and experience and aim to support all our team members to reach their potent