Description and requirements
To support the efforts of the organization by supporting Firm security projects, reporting, and audit preparation. The position is also responsible for the execution of internal and third-party information security audits to assess the firm’s risk posture relative to the established ISMS and risk management framework.
Main responsibilities:
- Execute recurring information security controls audits on both internal and external entities using an established ISMS and risk management framework
- Provide effective responses to client Requests for Proposals and Requests for Information in support of the business development function
- Respond to client information security audits in a timely, accurate, and effective manner
- Monitor control systems to ensure that appropriate information access levels and security clearances are maintained
- Monitor and report on compliance with the Firm’s information security policies and procedures
- Maintain records of audit findings and ensure that corrective actions are implemented per the agreed remediation schedule
- Provide status reports to the IT GRC Manager
- Maintain the Firm's security-related information and metrics repositories
Skills and experience:
- A thorough understanding of security concepts and best practices.
- Authoritative understanding of principles, theories, techniques, and methods of information system analysis and risk assessment.
- Authoritative understanding of audit principles applied to common information security domains such as security policy, organizational structure, asset management, human resources, physical security, operations, communications, access control, development and acquisition, incident management, business continuity, and compliance.
- Working knowledge of common information systems such as Active Directory, networking, endpoint management, and cloud security concepts.
- Proficient in the use of Microsoft Excel and Word.
- Sufficient business acumen to understand the business drivers associated with risk management concepts, particularly those affecting client audits, RFPs, and contractual terms.
- Strong communication skills - demonstrated ability to communicate professionally in business language, in both oral and written formats (English).
- Gather and analyze facts, draw conclusions, define problems, and suggest solutions.
- Work independently and within a team.
- Remain productive and maintain focus without direct supervision.
- Effectively manage multiple tasks concurrently.
- Internalize and act upon constructive feedback.
- Adopt new skills and improve existing skills in a dynamic environment.
- Possess a Computer Science Bachelor’s Degree or substantial equivalent experience
- A good amount of professional experience with a company-facing information security audit, client-facing audit response, third-party vendor risk management platforms, security metrics tracking and reporting, managing phishing campaigns, and remediation tracking.
- Some working knowledge surrounding foundational information security systems and processes
- SSCP or equivalent preferred
- RSA Archer Certified Professional preferred
Reports to: Associate Director, Information Security
Development framework: Specialist
About us
Baker McKenzie empowers clients to compete in the global economy. We provide comprehensive and practical legal advice that cuts through complexity with clear, actionable guidance. Our people represent diverse cultures and jurisdictions, combining local know-how with international expertise to ensure your business thrives across borders.
Additional information
Baker McKenzie is an Equal Opportunity Employer. We are committed to promoting diversity and inclusion for all. Our unique international culture is reflected in the drawing together of a worldwide family of individuals from diverse cultures and backgrounds in all of our offices. We encourage the best people - regardless of race, religion or belief if any, gender, gender identity, disability, sexual orientation or age - to fulfill their professional aspirations with us. We are committed to ensuring an inclusive and accessible experience for all candidates.