Information Security Compliance & Audit Support Officer

Term: Permanent
Department: Risk
Location: Manchester or Birmingham

The Firm

Fieldfisher is a European law firm with market-leading practices in many of the world's most dynamic sectors. We are an exciting, forward-thinking organisation with a particular focus on technology, finance & financial services and energy & natural resources.

Our growing European network of offices supports an international client base alongside our Silicon Valley, Beijing and Shanghai teams. Among our clients, we count social media sites and high street coffee chains through to pharmaceutical, life sciences and medical devices companies, energy suppliers, banks and FTSE 100 companies.

Clients choose to work with us because we deliver commercial, pragmatic and innovative solutions through our exceptional legal expertise and experience, on time and on budget.

We have more than 600 lawyers spread over nine locations, all providing highly commercial advice based on an in-depth understanding of our clients' needs. We operate across our offices in Amsterdam, Brussels, China, Paris, Germany, Italy, UK, and the US - Silicon Valley. In the UK, we have approximately 700 people working in London, Manchester and Birmingham.

The firm is growing rapidly and its revenue for 2016/17 was £165 million. The UK accounts for approximately 70% of the headcount.

The Team

This key position, within the Risk Team, reports directly to the COLP with a dotted line to the firm’s General Counsel and IT Director.


Ensure that all necessary security policies and procedures are established and maintained in relation to the on-going service operation.

Ensure on-going compliance with standards such as ISO 27001 and PCI DSS. Support the maintenance of current accreditations and communicate closely with the necessary governing bodies / accreditors.

Support strategic security planning to achieve business goals by prioritising defence initiatives and co-ordinating the evaluation, deployment, and management of current and future security technologies.

Support development, implementation, maintenance and oversight for enforcement of policies, procedures and associated plans for all system and information security requirements based on industry-standard best practices. Recommend and implement changes in security policies and practices in accordance with changes in legislation, business and contractual terms.

Support the security incident process such that all stakeholders understand and perform their duties when an incident occurs.

Support penetration testing of all systems in order to identify system vulnerabilities and assist with coordination of remediation.

Support the operation and administration of computer security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.

Review and recommend improvements for connection security for local area networks, the company Website, intranet and e-mail communications.

Support the design and delivery of security awareness training across all operational units.

Act as company contact and representative for internal and third-party audits and as a subject matter expert for security and risk questions as required.

Ensure all 3rd Party Service Providers comply with security standards in relation to the services they provide and support security audits on suppliers to ensure compliance.

Support efforts of the firm to continually improve while developing efficient processes and services. 

Key Skills & Experience

Capable communicator and influencer

Able to be client-facing and hold discussions with internal and external stakeholders

Able to break down technical discussions into simple language

Focussed, able to dedicate time and attention to sensitive tasks and to prioritise effectively.

Information Security champion with good understanding of technical architecture.

Willingness to learn and develop skills in accordance with business demands.

Stay informed of trends and issues in the security industry, including current and emerging technologies and associated cost implications.

Represent the firm at Industry and relevant Information Security forums

Willingness to travel as required.

Relevant security qualification e.g. CISSP or CISM

5 years' experience in an Information Security aligned role.

Please note that Fieldfisher aims to ensure equality of opportunity, and we are actively working towards improving the diversity of our staff. All applications will be considered only on merit and the applicant's suitability to meet the requirements of the role.