Purpose of the Role:

The Information Security Supply Chain Risk team is responsible for highlighting and making informed recommendations around information security risk across the practice, both in terms of downstream assurance from suppliers engaged to support our business and upstream assurance given to our clients on behalf of the Firm.

The Information Security Assurance Analyst will (upon request) provide assurance to the firm’s client base in order to meet their own regulatory and compliance objectives (i.e. from an upstream perspective). This will entail contact and meetings with relevant stakeholders and relationship owners as well as with the firms’ clients directly.

Main Duties and Responsibilities

  • Engage with internal stakeholders and relationship owners to understand client requirements.
  • Complete client information security related questionnaires.
  • Review client contracts and highlight areas of concern around the firms’ compliance on information security matters.
  • Manage client audits at the firm’s locations and be able to demonstrate the firm’s controls that are key elements of its security program and are of interest to clients.
  • Offer commercial support to the firm, in terms of providing information relating to the firm’s security program in support of client bids and tenders.
  • Act as central point of contact for all client related information security enquiries and issues.
  • Remain informed on trends and issues in the security industry.
  • Act as cover for Supply Chain Information Risk Analyst.


  • Further education calibre individual or qualifications in either technical / business subject.
  • Information Security qualifications such as ISO27001 lead auditor desired but not essential.

Relevant Experience Required

  • Experience in a client facing information security role, preferably in a professional services environment
  • Working knowledge of ISO27001 and other related standards.

Key Skills

  • High level knowledge of practices and procedures of information security.
  • Good working knowledge of cyber risk.
  • High level working knowledge of GDPR compliance areas that relate to information security.
  • Proven analytical and problem solving skills.
  • Ability to plan and prioritise workloads, whilst working to strict deadlines and measuring progress;
  • Articulate and capable of producing high quality written output.

Personal Qualities / Behaviours

  • Excellent communication and people skills;
  • Self-motivated, willingness to take on challenges and adaptability to change and manage changing priorities;
  • A team player with a flexible and pro-active approach to work with the ability to work autonomously, but will seek guidance when required;
  • Ability to work in a fast pace challenging and demanding environment with changing priorities;
  • Demonstrates determination and a ‘can-do’ approach.
  • Ability to embrace and represent the Firm’s values in day to day interactions.