IT Security Analyst - Assurance

Location: Sydney, Brisbane, Melbourne 

Contract Type: Permanent 

MinterEllison is one of Australia’s largest law firms, with nearly 200 years of business history.  We're known for our legal and consulting expertise - and for our inclusive and authentic character.

Our purpose is to create sustainable value with our clients, people and communities.  That means we have a proud history of providing excellence to clients, nurturing our people and giving back to the communities in which we live and work.

We value excellence, curiosity and collaboration.  Clients rely on us for our responsive, commercial approach.  Our clients include government departments and agencies, private and publicly listed companies, and small and large businesses in Australia and overseas.  

As a highly valued employee we will also provide you with a wide range of benefits. To view our benefits, please copy this link into your browser www.minterellison.com/-/media//Minter-Ellison/Files/Careers/MinterEllison-Employee-Benefits-2024.ashx

Your Role

Our IT Security team is currently looking for an IT Security Analyst to manage and maintain compliance coordination activities under our assurance practice. The assurance practice covers – client questionnaires, supply chain security, pen testing, user awareness and compliance with various security standards. This is an internal role reporting into the Assurance GRC Manager and may include occasional travel to other MinterEllison offices. The role is supported by and works closely with broader IT security team, Business Hub for questionnaire coordination, IT project management office, IT Procurement practice and multiple managed services providers.

You will have at least 2 years' experience in information systems environment and a background in information technology. You will have a good understanding of security software and platforms, and security principles, standards and procedures. You are motivated and excited to inspire people at all levels of the business to implement and uphold information security best practices and standards.

More About You

In this role you will have the opportunity to:

• Responding to client questionnaires, audits, security program enquiries, and RFPs on any cybersecurity enquiries
• Build and maintain an ongoing relationship with our external clients security teams
• Coordinate supply chain security reviews including annual reviews and keep the risk register up to date
• Coordinate the IT Security awareness program (Email newsletters, monthly awareness, Ad-hoc alerts) and coordinate with the broader IT training and Talent training teams.
• Assist with maintaining MinterEllison's compliance program (including ISO27001, SSAE16, ASD E8, NIST, CPS 234), risks and any remediation. Work with internal and external auditors to schedule and respond to ISO audits
• Maintain MinterEllison Security Trust Centre with regular updates on IT sec policies, procedures, and other information about the security program
• Running quarterly audits on key stats such as privileged access, user access, mobile device compliance, asset inventory etc
• Assist with IT security operations on any security incidents during and, if required, after business hours
• Be up-to-date with information security best practices and industry trends for security solutions and standards

Knowledge, Skills and Experience:

• At least 2 years' experience in information systems environment and a background in information technology.
• Expert level skill in coordinating tasks, organising activities and maintaining a program on schedule.
• Demonstrated experience in writing high quality executive reports/briefings
• Excellent knowledge of information security principles, standards and frameworks such as ISO27001, SSAE16, APRA CPS234, ASD essential 8. Familiarity with NIST v2.0.
• Experience in running internal IT audits/assessments on policy compliance
• Experience in running supplier assessments and making recommendations from the response
• Must have agile-mindset, incremental delivery over perfection, willingness to try new approaches to a problem
• Ability to manage projects and tasks independently with little supervision
• Relevant security trainings/certifications not mandatory but will be highly desirable

Why MinterEllison

We offer flexible working options to encourage balance, wellbeing and support for sustainable ways of working and a range of social, financial and health benefits, including free gym membership - all with no minimum tenure.

We encourage applications from people of all ages, abilities, cultural backgrounds, genders (including trans or gender diverse), LGBTQ+ people and those with carer responsibilities. We particularly encourage Aboriginal and Torres Strait Islander people to apply.

How to apply

We prefer to connect with people directly, so please submit your CV by clicking on the 'Apply' button. We encourage all applications, including if you do not meet the criteria listed for the role. Your application will also enable us to consider you for other opportunities that may be available at MinterEllison.

If you are currently a MinterEllison employee, please apply through the internal careers page.

If you would like further information, require any adjustments throughout the recruitment process or for a confidential discussion, please contact Miriam.Harner@minterellison.com.