IT Security Analyst - Assurance

Job Description

MinterEllison is one of Australia’s largest law firms, with nearly 200 years of business history. We're known for our legal and consulting expertise - and for our inclusive and authentic character. Our purpose is to create sustainable value with our clients, people and communities. That means we have a proud history of providing excellence to clients, nurturing our people and giving back to the communities in which we live and work. We value excellence, curiosity and collaboration. Clients rely on us for our responsive, commercial approach. Our clients include government departments and agencies, private and publicly listed companies, and small and large businesses in Australia and overseas. Our IT Security team is currently looking for an IT Security Analyst to manage and maintain compliance coordination activities under our assurance practice. The assurance practice covers client questionnaires, supply chain security, pen testing, user awareness, and compliance with various security standards. This is an internal role reporting into the Assurance GRC Manager and may include occasional travel to other MinterEllison offices. The role is supported by and works closely with the broader IT security team, Business Hub for questionnaire coordination, IT project management office, IT Procurement practice, and multiple managed services providers. You will have at least 2 years' experience in an information systems environment and a background in information technology. You will have a good understanding of security software and platforms, and security principles, standards, and procedures. You are motivated and excited to inspire people at all levels of the business to implement and uphold information security best practices and standards. More About You In this role you will have the opportunity to: Respond to client questionnaires, audits, security program enquiries, and RFPs on any cybersecurity enquiries. Build and maintain an ongoing relationship with our external clients' security teams. Coordinate supply chain security reviews including annual reviews and keep the risk register up to date. Coordinate the IT Security awareness program (Email newsletters, monthly awareness, Ad-hoc alerts) and coordinate with the broader IT training and Talent training teams. Assist with maintaining MinterEllison's compliance program (including ISO27001, SSAE16, ASD E8, NIST, CPS 234), risks, and any remediation. Work with internal and external auditors to schedule and respond to ISO audits. Maintain MinterEllison Security Trust Centre with regular updates on IT security policies, procedures, and other information about the security program. Run quarterly audits on key stats such as privileged access, user access, mobile device compliance, asset inventory, etc. Assist with IT security operations on any security incidents during and, if required, after business hours. Stay up-to-date with information security best practices and industry trends for security solutions and standards. Knowledge, Skills, and Experience: At least 2 years' experience in an information systems environment and a background in information technology. Expert level skill in coordinating tasks, organizing activities, and maintaining a program on schedule. Demonstrated experience in writing high-quality executive reports/briefings. Excellent knowledge of information security principles, standards, and frameworks such as ISO27001, SSAE16, APRA CPS234, and ASD essential 8. Familiarity with NIST v2.0. Experience in running internal IT audits/assessments on policy compliance. Experience in running supplier assessments and making recommendations from the response. Must have an agile mindset, incremental delivery over perfection, and a willingness to try new approaches to a problem. Ability to manage projects and tasks independently with little supervision. Relevant security training/certifications not mandatory but will be highly desirable. Why MinterEllison We offer flexible working options to encourage balance, wellbeing, and support for sustainable ways of working and a range of social, financial, and health benefits, including free gym membership - all with no minimum tenure. We encourage applications from people of all ages, abilities, cultural backgrounds, genders (including trans or gender diverse), LGBTQ+ people, and those with carer responsibilities. We particularly encourage Aboriginal and Torres Strait Islander people to apply. How to apply We prefer to connect with people directly, so please submit your CV by clicking on the 'Apply' button. We encourage all applications, including if you do not meet the criteria listed for the role. Your application will also enable us to consider you for other opportunities that may be available at MinterEllison. If you are currently a MinterEllison employee, please apply through the internal careers page. If you would like further information, require any adjustments throughout the recruitment process, or for a confidential discussion, please contact . #J-18808-Ljbffr