Information Security Auditor

Information Security Group Role

The primary focus of this role is to assess the security of new and current suppliers and audit the security and business continuity controls applied to core areas of the firm's operation. This is a vital role in improving the firm's compliance position during a period of heightened technological change.

Key responsibilities and deliverables

• Perform information security assessments on new and current suppliers.
• Carry out specific Artificial Intelligence (AI) and emerging technology risk assessments. Evaluate security risks introduced by AI/ML tools, LLM deployments, and automation used by suppliers internally.
• Manage continuous third-party monitoring.
• Monitor automated risk monitoring platforms (BitSight and SecurityScorecard).
• Review and update ISG vendor and audit related policies and processes.
• Design risk mitigation measures in response to information security findings arising from supplier assurance activity.
• Support assurance and review activity following incidents or investigations, including control assessment, root cause analysis, risk identification, and lessons learned.
• Metrics and governance reporting. Produce regular KPI dashboards for management reporting.

Key requirements

• IT/information security auditing experience and/or running third party risk management processes.
• Detailed understanding of ISO 27001/ ISO22301
• Relevant auditing qualifications (Lead ISO27001 auditor, Internal ISO27001 auditor, or equivalent alternative auditing qualifications)
• Working knowledge of technology, software and approaches utilised in the corporate and legal industry.
• Ability to work autonomously, effectively prioritise and manage large and varied workloads, adapting action plan accordingly.
• Experience of influencing stakeholders across departments and translating complex technical requirements into clear practical actions.
• Working knowledge of DORA, NIS2, UK GDPR, EU AI Act, and the UK Cyber Security & Resilience Bill

Desirable

• CISM
• CISSP
• Knowledge of Cloud services (SaaS, PaaS and IaaS)
• Knowledge of containers and virtualisation
• Understanding of global cyber security and privacy laws and application to both internal and external data subjects
• Previous legal sector experience.

Behaviours required to perform the role

• An excellent communicator and multi-tasker with exceptional organisational abilities
• Ability to engage across diverse global jurisdictions, aligned with the firm's stated diversity values.
• Ability to influence and collaborate with colleagues across teams.
• Comfortable interpreting security metrics and presenting risk posture to senior leadership and governance committees. Ability to combine a good eye for detail with big picture corporate considerations.
• Detailed, focused and pragmatic
• Motivated and initiative-taking, with an eagerness to learn and develop.

Compensation

For individuals assigned and/or hired to work in New York and California or reporting to someone in those states, Freshfields is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the States of New York and California and takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is $42/hour.

EEO Statement Freshfields US LLP is proud to be an equal employment employer. Our policies and practices will be free from unlawful discrimination based upon race, color, ethnicity, religion, creed, sex (including pregnancy, childbirth or related medical conditions), national origin, citizenship, immigration status, ancestry, age, marital status, protected veteran status, military service, disability, medical condition, genetic information, sexual orientation, gender identity, or any basis prohibited under federal, state or local law. We strive to promote an atmosphere that encourages equal opportunities and prohibits discriminatory practices, including sexual harassment. Disability Accommodation for Applicants to Freshfields US LLP Freshfields US LLP is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in job application procedures.