Information Security Auditor

About The Position

Requirements

• IT/information security auditing experience and/or running third party risk management processes.
• Detailed understanding of ISO 27001/ ISO22301
• Relevant auditing qualifications (Lead ISO27001 auditor, Internal ISO27001 auditor, or equivalent alternative auditing qualifications)
• Working knowledge of technology, software and approaches utilised in the corporate and legal industry.
• Ability to work autonomously, effectively prioritise and manage large and varied workloads, adapting action plan accordingly.
• Experience of influencing stakeholders across departments and translating complex technical requirements into clear practical actions.
• Working knowledge of DORA, NIS2, UK GDPR, EU AI Act, and the UK Cyber Security & Resilience Bill

Nice To Haves

• CISM
• CISSP
• Knowledge of Cloud services (SaaS, PaaS and IaaS)
• Knowledge of containers and virtualisation
• Understanding of global cyber security and privacy laws and application to both internal and external data subjects
• Previous legal sector experience.

Responsibilities

• Perform information security assessments on new and current suppliers.
• Carry out specific Artificial Intelligence (AI) and emerging technology risk assessments.
• Evaluate security risks introduced by AI/ML tools, LLM deployments, and automation used by suppliers internally.
• Manage continuous third-party monitoring.
• Monitor automated risk monitoring platforms (BitSight and SecurityScorecard).
• Review and update ISG vendor and audit related policies and processes.
• Design risk mitigation measures in response to information security findings arising from supplier assurance activity.
• Support assurance and review activity following incidents or investigations, including control assessment, root cause analysis, risk identification, and lessons learned.
• Produce regular KPI dashboards for management reporting.

Benefits

• We see diversity as a strength which creates fresh perspectives and generates new ideas.
• We enjoy our work and are determined to do an outstanding job.
• We deliver best when working in teams.
• We think and work globally - we do not just say we are one firm; we act like one firm right across the world.
• We work wherever our clients need us.
• Cross-border work is not just what we do, it is what we excel at.
• We understand what it really takes to work across different legal systems and commercial environments and to bridge language and cultural gaps.
• We aim to add value in everything we do - we are enthusiastic about helping our clients succeed.
• We use our experience and creativity to help clients make judgements and achieve their goals.
• In everything we do, we seek to make a real difference to the communities in which we operate.
• We strive to promote an atmosphere that encourages equal opportunities and prohibits discriminatory practices, including sexual harassment.
• Freshfields US LLP is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures.
• At Freshfields we seek to create a better future for our clients, our people and the communities in which we work.
• Our global teams bring together individuals with different experiences, skills and strengths in a culture where we support all to belong, engage and excel.