Information Security Analyst


CMS is an international law firm with market-leading businesses throughout Europe, the Middle East, Asia and beyond. Ranked as the world's 6th largest law firm by lawyer headcount and 6th largest in the UK by revenue, CMS works with clients in 42 countries from 74 offices worldwide. A future-facing law firm, CMS is well equipped to help our clients face the future with confidence. We are driven by technology and readily embrace the possibilities it opens up for developing new and better ways of delivering legal services. And we recruit, value and nurture top talent.

Are you looking to be part of a progressive and innovative team supporting our information security management system?

About the role

Reporting to the Information Security Manager, you will help to support a robust programme of information security assurance activity ensuring that issues are identified, reported, addressed/escalated or accepted as appropriate. The role will involve some travel to other CMS sites, sometimes with short notice periods.

You will be a key part of the team with a range of responsibilities. These will include:

  • Ensuring that any vulnerabilities identified are processed in accordance with the information security risk framework, including risk analysis, identifying and applying appropriate controls, recording, reviewing and approval.
  • Investigating actual or potential security events/incidents.
  • Maintaining compliance in line with relevant security standards such as ISO 27001, NIST Cyber Security Framework and regulation such as the GDPR.
  • Supporting the business in the tracking and resolution of security issues.
  • Carrying out annual policy/procedure reviews, asset management reviews and physical site reviews.
  • Documenting reviews in order to improve understanding of policy compliance across the firm and identify areas in need of improvement.
  • Providing support and guidance to asset/risk owners in relation to information security responsibilities.
  • Working with internal stakeholders to deliver security assurance through responses to due diligence questionnaires/assessments, maintenance of supporting documentation/accreditations, and support to clients.
  • Developing a strong understanding of security threats, new technology and the associated security controls.
  • Recommending, developing and delivering opportunities to improve team processes for enhanced client delivery.

About you

Ideal candidates will be educated to degree level from a legal or professional services background. You should have solid experience in information security and a broad knowledge and understanding of IT concepts and architectures. You will have obtained an industry-recognised information security risk qualification such as CRISC, or be working towards such a qualification.

You will have knowledge of SIEM, Mobile Device Management and Cloud technology, experience of working to an ISO27001 aligned framework, an understanding of ITIL (preferable) and the desire to build your own information security knowledge.

This role will be ideal for someone who is a self-motivated individual with a flexible approach to working. You will have excellent interpersonal skills with the ability to converse with both technical and non-technical business stakeholders at all levels.
