Information Security Officer

We're passionate about what we do and want you to be too.

Moray & Agnew is one of Australia's leading law firms with an unrivalled reputation in our markets. We're proud that our partners and our legal expertise are consistently recognised by Chambers Asia-Pacific, Legal 500 Asia-Pacific, Best Lawyers and Doyle's Guide.

With over 110 partners, our teams are organised into three strategic pillars so that we can play to our strengths:

• Insurance – including commercial classes such as financial lines, professional indemnity, public & product liability, life insurance and through to statutory classes such as workers compensation and compulsory third party.
• Commercial & Workplace – spanning corporate and commercial, construction and projects, property and environment, commercial dispute resolution, insolvency, owners' corporation and workplace law.
• Government – spanning local, state and federal government.

Our clients include Australian and international insurers and reinsurers, corporates of all sizes, and federal, state and local government.

Nationally, over 750 talented people deliver top-quality legal advice and representation, coupled with exceptional client service and support, across our offices in Sydney, Melbourne, Brisbane, Canberra, Newcastle, Perth and Cairns.

Our partners are committed to fostering flexible, inclusive and diverse environments for our employees. We have the fourth highest percentage of female partners according to the AFR Law Partnership Survey, July 2024.

We value technical excellence and collegiality, offer a great workplace culture and excellent opportunities to further your career, whether you are just starting out, are an experienced lawyer or a business services professional.

About the role

We are seeking an experienced and dedicated Information Security Officer to join us in this newly created role. Reporting to the National IT Manager, the Information Security Officer will be responsible for developing, implementing, and maintaining our information security management system to ensure the confidentiality, integrity, and availability of our information assets. The ideal candidate will have a strong background in information security best practices, risk management, and incident response.

On a day-to-day basis, some of the key responsibilities for this role will be to:

• Develop, maintain and implement our information security policies, procedures, and guidelines to ensure our commitment to a robust security posture.
• Develop and maintain our ISMS which is closely aligned with our ISO 27001 accreditation.
• Manage regular security assessments, vulnerability scans, and penetration tests to identify and mitigate security risks.
• Respond to security-related queries and audits from our regulated client base.
• Lead and manage security audits and assessments conducted by external parties.
• Monitor and analyse security alerts and incidents to ensure timely identification and response to threats.
• Ongoing promotion of security awareness among all employees to strengthen our firm's security-focused culture.
• Stay current with evolving security threats, vulnerabilities, and industry best practices.
• Develop and test incident response plans to ensure the firm is prepared to handle security incidents effectively.
• Collaborate with external partners, including vendors, to optimise the value and effectiveness of our investments in information security technologies.

About you

To be successful in this role, you will have a minimum of 5 years of experience in information security, and strong interpersonal skills including the ability to work effectively with diverse teams. Some of the other skills and attributes we are seeking in a candidate include:

• Professional certifications such as CISSP, CISM, or CEH are highly desirable.
• AGSVA NV-1 Security clearance.
• Strong understanding of Information Security standards such as ISO 27001 and DISP.
• In-depth knowledge of information security principles, practices, and technologies.
• Experience in coordinating security assessments, vulnerability scans, and penetration tests.
• In-depth knowledge of security technologies such as EDR, SIEM, NGFW and email security solutions.
• Proficient in Microsoft technologies including Azure.

Culture & benefits of working with us

We work for great clients and advise them on interesting issues and matters so every day is different. We celebrate diverse thinking and experiences so you can bring your authentic self to the workplace. To support you, we offer a wide range of wellbeing and financial benefits, including:

• Flexible working arrangements to help you balance your work and personal commitments.
• Health and wellness initiatives, including an Employee Assistance Program for yourself and your family, corporate discounts at 400+ leading fitness and wellbeing brands and mental health first aiders.
• Paid parental leave and accreditations as a Breastfeeding Friendly Workplace and Family Inclusive Workplace.
• Continuous learning and development programs so that you are always being challenged, engaged and encouraged to grow.
• Mentoring opportunities and on-the-job learning to support your professional and personal development.
• Diversity, inclusion and equality policy and employee reference groups (LGBTQIA+, Aboriginal and Torres Strait Islander, Gender, Parents & Caregivers, Mature Workers and Health & Wellbeing) to ensure that we continue to live our values.
• Dress for your day because we trust our people to make choices which appropriately represent our firm.

How to apply

If this opportunity is attractive to you, please submit your cover letter and CV. If you are applying for a Paralegal, Law Graduate or Lawyer role, please also provide your academic transcript with your application.

We welcome people of all backgrounds and identities to apply for this position, including Aboriginal and Torres Strait Islander people, neurodiverse people and people with disability. If you have questions about the recruitment process or require any adjustments to participate, please let us know in your application.

We prefer to connect with people directly and do not require recruitment agency assistance with this vacancy. Any applications submitted by recruitment agencies without having been briefed will not be considered a valid introduction.