Information Security Auditor

Freshfields LLP

New York, NY

SKILLS
Applications Security, Artificial Intelligence (AI), Auditing, Automation, Business Services, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Security, Customer Support/Service, Disability Accommodations, Diversity, Emerging Technology, Establish Priorities, ISO (International Organization for Standardization), Information/Data Security (InfoSec), Infrastructure as a Service (IaaS), Internal Audit, Internet Security, Leadership, Legal, Management Reporting, Medical Genetics, Metrics, Military, Multitasking, NIS (Network Information Service), Operational Strategy, Organizational Skills, Performance Metrics, Platform as a Service (PaaS), Privacy Regulations, Reporting Dashboards, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Security Analysis, Security Auditing, Service Delivery, Software as a Service (SaaS), State Laws and Regulations, Team Player, Technology Analysis, Vendor/Supplier Evaluation, Vendor/Supplier Selection, Virtualization

Freshfields is a global law firm with a long-standing track record of successfully supporting the world's leading national and multinational corporations, financial institutions and governments on ground-breaking and business-critical mandates.

Our people make our firm - we are a people business and want to create a welcoming and supportive environment where all can flourish. We see diversity as a strength which creates fresh perspectives and generates new ideas. We enjoy our work and are determined to do an outstanding job. We deliver best when working in teams.

We think and work globally - we do not just say we are one firm; we act like one firm right across the world. We work wherever our clients need us. This is how we define ourselves, not by reference to where we have offices. Cross-border work is not just what we do, it is what we excel at. We understand what it really takes to work across different legal systems and commercial environments and to bridge language and cultural gaps.

We aim to add value in everything we do - we are enthusiastic about helping our clients succeed. We use our experience and creativity to help clients make judgements and achieve their goals. In everything we do, we seek to make a real difference to the communities in which we operate.

Department and Location Overview

Formed in 2014, the Information Security Group (ISG) focuses on delivering operational and strategic information / cyber security and business continuity. The group is independent of IT. Operationally, the Information Security Committee and Conduct and Risk Committee oversee the group. The Chief Global Information Security Officer reports into the General Counsel and Global Risk Partner.

The ISG department is based mainly in the firm's London and Manchester offices.

The Freshfields Global Centre in Manchester provides both business and legal services to the firm. Our services are delivered in a way which supports the global nature of our firm and our clients, enables our fee earners to deliver exceptional service to our clients and to do that in a way which is efficient and effective.

Role summary / purpose of job

The primary focus of this role is to assess the security of new and current suppliers and audit the security and business continuity controls applied to core areas of the firm's operation. This is a vital role in improving the firm's compliance position during a period of heightened technological change.

Key responsibilities and deliverables

  • Perform information security assessments on new and current suppliers.
  • Carry out specific Artificial Intelligence (AI) and emerging technology risk assessments. Evaluate security risks introduced by AI/ML tools, LLM deployments, and automation used by suppliers internally.
  • Manage continuous third-party monitoring.
  • Monitor automated risk monitoring platforms (BitSight and SecurityScorecard).
  • Review and update ISG vendor and audit related policies and processes.
  • Design risk mitigation measures in response to information security findings arising from supplier assurance activity.
  • Support assurance and review activity following incidents or investigations, including control assessment, root cause analysis, risk identification, and lessons learned.
  • Metrics and governance reporting. Produce regular KPI dashboards for management reporting.

Key requirements

  • IT/information security auditing experience and/or running third party risk management processes.
  • Detailed understanding of ISO 27001 / ISO 22301
  • Relevant auditing qualifications (Lead ISO 27001 auditor, Internal ISO 27001 auditor, or equivalent alternative auditing qualifications)
  • Working knowledge of technology, software and approaches utilised in the corporate and legal industry.
  • Ability to work autonomously, effectively prioritise and manage large and varied workloads, adapting action plans accordingly.
  • Experience of influencing stakeholders across departments and translating complex technical requirements into clear practical actions.
  • Working knowledge of DORA, NIS2, UK GDPR, EU AI Act, and the UK Cyber Security & Resilience Bill

Desirable

  • CISM
  • CISSP
  • Knowledge of Cloud services (SaaS, PaaS and IaaS)
  • Knowledge of containers and virtualisation
  • Understanding of global cyber security and privacy laws and application to both internal and external data subjects
  • Previous legal sector experience.

Behaviours required to perform the role

  • An excellent communicator and multi-tasker with exceptional organisational abilities
  • Ability to engage across diverse global jurisdictions, aligned with the firm's stated diversity values.
  • Ability to influence and collaborate with colleagues across teams.
  • Comfortable interpreting security metrics and presenting risk posture to senior leadership and governance committees. Ability to combine a good eye for detail with big picture corporate considerations.
  • Detailed, focused and pragmatic
  • Motivated and initiative-taking, with an eagerness to learn and develop.

For individuals assigned and/or hired to work in New York and California or reporting to someone in those states, Freshfields is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the States of New York and California and takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $42/hour.

EEO Statement

Freshfields US LLP is proud to be an equal employment employer. Our policies and practices will be free from unlawful discrimination based upon race, color, ethnicity, religion, creed, sex (including pregnancy, childbirth or related medical conditions), national origin, citizenship, immigration status, ancestry, age, marital status, protected veteran status, military service, disability, medical condition, genetic information, sexual orientation, gender identity, or any basis prohibited under federal, state or local law. We strive to promote an atmosphere that encourages equal opportunities and prohibits discriminatory practices, including sexual harassment.

Disability Accommodation for Applicants to Freshfields US LLP

Freshfields US LLP is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability, you may use the alternative email address below to contact us about your interest in employment at BusinessServicesRecruitment@Freshfields.com, or you can send your resume to BusinessServicesRecruitment@Freshfields.com, or you can call us at +1-212-277-4000.
