Cyber Governance, Risk

3 days ago


Sydney, Australia King & Wood Mallesons Full time

- New role to the firm - Enhance what we have and take the next step in your career
- With a few years' experience behind you, you will be looking to introduce what you’ve learnt in developing and implementing cyber governance frameworks and processes, ensuring that we meet our information security and compliance goals.
- As a leading law firm, we actively seek people from diverse backgrounds to enrich our culture and performance.

Who are we?

A firm born in Asia, underpinned by world class capability.

With over 3000 lawyers in 29 global locations, we help our clients manage their risk and enable their growth. Our full-service offering combines unmatched top-tier local capability with an international platform.

We have deep roots in Australia spanning almost 200 years and acknowledge Aboriginal and Torres Strait Islander peoples as the traditional owners and custodians of these lands and waters.

Role Detail

With a ‘continuous improvement lens’ on our cyber governance and compliance obligations, this new role to the firm will help us continue to lead in managing our cyber risk internal and external compliance obligations. Freeing up the team to focus on their BAU, this role will give you the opportunity to enhance our cyber security culture through robust processes and reporting.

Based in the Sydney CBD office, with a balanced approach to WFH, you will play a key role in developing and implementing cyber governance frameworks and processes, ensuring that we meet our information security and compliance goals.

Reporting to the Information Security Manager, you will also create and maintain documentation to demonstrate our adherence to organisational and regulatory policies, standards and best practices. You will be integral to helping the firm manage third party vendor risk and meet its client information security compliance obligations.

Key responsibilities:
- Manage and oversee the organisation's third-party vendor management program, including the assessment and ongoing monitoring of our vendors' cyber security practices.
- Collaborate with internal stakeholders to identify and evaluate potential cyber security risks associated with third-party vendors.
- Develop and maintain strong relationships with vendors to ensure compliance with contractual obligations and cyber security requirements.
- Working closely with our Risk and Compliance team, respond to client third-party security audits by coordinating and providing necessary documentation, evidence, and responses to address audit findings.
- Conduct regular assessments of vendors' cyber security controls, policies, and practices to identify potential vulnerabilities and areas for improvement.
- Assist with maintaining our internal cyber security compliance programs, ensuring alignment with industry best practices and frameworks such as ISO27001.
- Supporting the maintenance and operation of our policies, procedures and standards, registers, guides and reporting.
- Supporting and coordinating internal and external audit programs.
- Monitor and assess cyber security risks and compliance issues, providing recommendations for remediation and improvement.
- Provide cyber risk support for projects and business as usual initiatives.
- Stay up to date with emerging cyber security threats, trends, and regulatory requirements, and provide guidance on their potential impact on the organisation.
- Collaborate with cross-functional teams to develop and deliver cyber security awareness and training programs for employees.
- Assisting the Head of Information Security and Information Security Manager with maintaining operational metrics on the effectiveness of the firm’s Information Security program.

About You

Your natural curiosity will fit nicely, and your collaborative approach will be celebrated. As the SME in this area, you will be looked to for direction which requires confidence in your ability, backed by the experience from lessons learnt.

You will also bring:
- Solid knowledge of information security concepts and practices, such as risk assessment and assurance.
- Strong knowledge of third-party vendor management principles, practices, and frameworks.
- Proven experience in responding to client third-party security audits and addressing audit findings.
- In-depth understanding of cyber security compliance frameworks, particularly ISO27001.
- Familiarity with other relevant frameworks and regulations such as NIST, GDPR, or APRA CPS 234 is highly desirable.
- Excellent analytical and problem-solving skills, with the ability to assess and mitigate cyber security risks effectively.
- Strong communication and interpersonal skills, with the ability to collaborate with internal and external stakeholders at various levels.
- Demonstrated ability to develop and implement cyber security compliance programs and policies.
- Relevant certifications such as CISSP, CISM, CRISC, or ISO27001 Lead Auditor are highly desirable.
- Proven ability to stay up to date with eme


