An exciting opportunity has arisen for an IS Compliance Manager to join the team, reporting into the Head of Risk. This role will manage assigned compliance program(s) and related activities for the firm and/or for external customer-managed environments. The jobholder will ensure accurate and timely completion of IT compliance related objectives, such as annual compliance assessments, monitoring and driving resolution of compliance observations and security vulnerabilities, and the development and publication of compliance program reporting. The jobholder will also be responsible for responding to client audits and relevant tender requirements, as well as advising on the firm's key business continuity arrangements.
The team
The risk & ethics directorate (R&E) is responsible for all areas of compliance and risk management for Shoosmiths including developing firmwide policies and procedures to ensure compliance with all legal and regulatory compliance requirements, and to promote best practice. The team works closely with the firm's divisions and directorates to foster a culture of continuous improvement. This role will work particularly closely with the IS team to assist with audits and ensure a strong security posture throughout the business.
Shoosmiths is the law firm clients choose for excellent service, incisive thinking and above all for our ability to focus on what matters. From offices across the UK and Brussels, we support some of the world's most exciting and ambitious businesses; amazing clients making an impact. We empower our people to be their authentic selves and deliver together in supportive teams committed to excellence and innovation. The first top 50 law firm to achieve 'Platinum Standard' Investors in People, our values and culture are not just words on our website but are the heartbeat of the firm.
We have an outstanding benefits package to complement our competitive remuneration system. In addition to the competitive salaries, great working environment and high-quality work, we believe that all staff should be rewarded for their commitment to the continued success of the firm through a comprehensive and flexible range of benefits.
Main responsibilities
Provide IT compliance guidance and recommendations across the firm, including instruction to ensure compliance with all data governance, security and acceptable usage policies.
Maintain and improve appropriate documentation, procedures and best practices to ensure that the firm retains appropriate accreditations (ISO 27001, Cyber Essentials, Cyber Essentials Plus, ISO 27002 etc).
Act as principal respondent for client audits.
Proactively explore control deficiencies associated with IT systems and processes throughout the firm.
Ensure internal controls and regulatory compliance across IS, following a risk-based approach that balances effort against risk for information protection. Improve methods of capturing and presenting key compliance data so that clear and concise information is available to support appropriate decision making.
Promote and implement solutions that reduce the total cost of internal controls compliance.
Develop and manage security awareness and training initiatives to promote the success of company-wide IS compliance.
Respond to client information security audits and to potential client tenders where information security management may be a significant component of the submission.
Establish and maintain internal and external contacts to position and leverage industry best practices.
Assist with the ongoing development of the firm's AI Policy, acting as a contact point for queries related to AI and our overall strategy as part of a secure IS posture.
Own and manage the BCP process.
Develop Portfolio and Compliance Programs and control plans.
Conduct internal compliance assessments.
Document findings and develop remediation plans.
Manage internal and customer-facing IT compliance initiatives.
This job description encompasses the main duties expected of the role, but the successful candidate may be involved in all areas of risk management from time to time according to the needs of the directorate.
Skills and qualifications
Educated to degree level or equivalent relevant certification, with a minimum of 2-3 years professional experience in a similar compliance role.
Desired:
Experience of working in regulated commercial environments.
Solid knowledge of ISO 27001 and Cyber Essentials Plus accreditation requirements, and previous implementation experience.
Excellent documentation skills using process mapping tools such as Visio, to document control processes that meet auditor requirements and promote understanding of best practices and minimum requirements.
Excellent verbal and written communication skills, with the ability to communicate with all levels of technical and business resources and to justify the requirements for good operating practices.
General IT technical knowledge covering operating systems, networking, security, ERP systems and databases.
Advantageous
Previous experience of working in the professional services sector.
Background checks
Due to the nature of the work undertaken, confirmation of employment will be subject to a variety of checks which will be carried out once an offer of employment is accepted. These checks will include employment references covering the last 5 years, proof of ID, proof of address covering the last 5 years, a Personnel Vetting credit search (which will only highlight insolvency or County Court Judgments; should any adverse data show on the Personnel Vetting search then any offer of employment made will be withdrawn), a Terrorism Check (against data supplied by the Bank of England) and a DBS check, previously known as a Criminal Records check.
Equal opportunities
Our approach to our people is underpinned by our approach to diversity, inclusion and well-being. Our ambition is to build a diverse and ambitious workforce that reflects all backgrounds and talents, and a workplace that is supportive and inclusive, recognises and nurtures talent, and has a strong sense of community between colleagues.
This means that everyone who either applies to or works for the firm is treated equally, whatever their gender, age, ethnic origin, nationality, marital status, disability, sexual orientation or religious beliefs.