Information Security Compliance Officer

Term: Permanent
Working hours: Full-time (9.15am - 5.15pm)
Department: Risk and Compliance
Location: Gatwick

The firm

DMH Stallard is an award-winning South East law, Legal 100 firm with offices in London, Brighton, Gatwick, Guildford, Horsham and Hassocks. DMH Stallard has grown rapidly since it was established in 1970, and has a headcount of approximately 320. Our firm provides a comprehensive range of commercial, dispute resolution and litigation, employment, cyber security and cyber-crime, corporate, intellectual property, real estate and technology, media and telecoms advice to both businesses and individuals. Our clients, our people and our professional networks are the keys to our success.

The department

Primary purpose and scope of the role

To promote continual improvement of the firm's Information Security Compliance framework via the setup and execution of an independent compliance programme.

The role is responsible for developing and implementing documented Information Security Compliance audit processes, obtaining audit evidence and evaluating it objectively to determine the extent to which compliance criteria have been satisfied, and effectively managing the risks identified.

Scope of the role encompasses the compliance of the firm to the following management systems or regulation:

  • Information Security Management Systems (ISO 27001)
  • General Data Protection Regulation (GDPR)
  • Solicitors Regulatory Authority (SRA)


Key Responsibilities and Tasks:

  • Developing and executing an internal compliance programme to assure that the firm is satisfying all appropriate Information Security regulation, including the General Data Protection Regulation.
  • Information Security Audit planning & execution – preparing appropriate audit checklists relevant to the controls in scope, planning and scheduling audit activities, and negotiating resource (where relevant).
  • Information Security Compliance Audits – interviews, where the audit involves interviewing the people operating controls, and evidence gathering, with the ability to gather objective, verifiable evidence. Particular focus on strong observation, listening and communication skills.
  • Issue management – able to deal with issues affecting the ability to complete the planned audit scope.
  • Audit Reporting – documenting a suitable summary report of audit findings, including a record of any non-conformities (e.g. note taking, photographs, log file capture etc.), and providing the report to the ISG on audit findings.
  • Reporting of all Information Security compliance risks to the ISG and/or DPO
  • Manage disaster recovery and business continuity governance across the firm including reporting on the compliance group standards
  • Assisting with GDPR Subject Access Requests as required by the Data Protection Officer (DPO)
  • Assisting with GDPR enquiries from third parties as required by the DPO
  • Ad hoc support to the DPO regarding GDPR issues to ensure the firm's compliance
  • Carrying out audits on groups’ Information Security compliance with the firm’s internal policies and procedures
  • Assisting with Information security due diligence work and other risk management activities in any potential mergers and acquisitions.
  • Assisting with the firm’s quality assurance programmes (Lexcel, CQS) regarding Information Security
  • Providing ad hoc support to MBD with collating information regarding client assurances and tenders on behalf of IT/Info Security, Data Protection, Risk and other groups as required
  • Providing ad hoc support to the Risk Manager and Head of Risk & Compliance where specialist input on Information Security is needed, or in ad hoc investigations where heightened security access is required.

Other information

Skills - Essential

  • Excellent interpersonal skills with the ability to influence and challenge at senior level.
  • Strong interviewing / questioning skills
  • Highly organised, quick and efficient
  • Ability to cope under pressure in a professional and calm manner
  • Ability to present complex subjects in understandable terms
  • Strong attention to detail
  • Strong literacy, numeracy and analytical skills
  • Enthusiastic and flexible approach to the wide variety of the role and tasks.
  • Good investigative skills
  • Have a methodical and organised approach to work, whilst adapting to meet priorities
  • Proficient in all Microsoft Office applications

Competencies – Essential

  • Ethical
  • High level of integrity
  • Diplomatic
  • Observant
  • Perceptive
  • Tenacious
  • Decisive
  • Self-reliant
  • Punctual
  • Good Communicator
  • Good listener
  • Discreet
  • Calm
  • Professional
  • Inquisitive

Experience - Essential

  • Previous experience in planning and conducting audits against a recognised standard essential
  • Operational experience of implementing and auditing ISO 27001 compliant Information Security Management Systems (ISMS) preferable
  • Knowledge of sampling techniques preferable
  • Working knowledge of the General Data Protection Regulation (GDPR)
  • Working knowledge of the SRA Code of Conduct 2019 preferable