21 Jul, 2018
The firm Dentons is always looking to invest in the highest-quality talent, recognising that our success is built on the diverse and unique strengths of each of the members of our Firm. Dentons is the world's largest law firm, delivering quality and value to clients around the globe. Dentons is a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons' polycentric approach and world-class talent challenge the status quo to advance client interests in the communities in which we live and work. . Purpose of role The Information Governance & Security Manager's primary responsibility is to plan, design, oversee and support information governance and security aspects of the processes and technology that relate to the delivery of legal services. This includes client-facing services and activities coordinated with the Firm's practice areas and the following departments: Information Technology, Risk and Compliance, Human Resources, Finance, Learning & Development, Marketing and Facilities Management. They will also work closely with decision makers across the organisation to identify, recommend, develop, implement, and support cost-effective solutions for risk-related aspects of the organisation. Furthermore, the manager will help identify and operationalize records information management (RIM) initiatives and standards that need to be applied to the operating environment. Key functional areas of the role include initiatives governing the Firm's client and administrative data / information in accordance with ethical, legal and contractual requirements. An important aspect of the role is communication. The position is the primary link between IT and the legal and support departments ensuring good two-way dialogue for risk management, governance and security best practices. Responsibilities General Help define and communicate governance and compliance prioritiesto the business. Research potential technology solutions and, where applicable, implementation to support Information Governance & security initiatives. Establish and maintain regular written and in-person communications pertinent to governance and securityactivities. Where necessary, develop business case justifications and cost benefit analysis for proposed areas of spending and initiatives. This includes the directing of research on potential technology solutions and, where applicable, the implementation to support new initiatives. Develop and monitor security and governance budgets. Manage staffing, including recruitment, supervision, scheduling, development, evaluation, and disciplinary actions for direct reports. Participate in the Duty Manager Rota. Specific Support business leaders in client-facing engagements and act as an IT Ambassador in records and information management initiatives. Help develop, maintain, evaluate and implement policies and procedures in line with both. business requirements and national and international legislative changes, (i.e. ISO 9001/27001/22301, HIPAA processes and procedures.) Help ensure IT's services are well aligning with records and information management guidelines. Participate in internal and external client audits as it relates to IT governanceand compliance. In partnership with Business Services, ensure services are properly positioned within client RFP responses as well aligning responses at a Global level. Oversee internal and external client audits as it relates to IT security and compliance. Assist with third-party IT vulnerability assessments. Work with IT personnel to ensure awareness and alignment of ongoing client, industry and best practice compliance obligations. Align services to support RIM requirements and standards, globally as applicable. Data Governance & Compliance Ensure that the following activities occur in accordance with Firm approved information governance policies, including: Administer document classification audits and coordinate remediation activities Help develop guidance, processes, and tools / controls to ensure Firm data is structured and secured appropriately Help ensure data integrity of core client data across Firm systems Data Privacy Help ensure appropriate controls are in place to enforce confidentiality, privacy, and security obligations for protected information, including: Help advise legal teams on how to manage protected information Manage access entitlement reviews of sensitive information. Provide practical recommendations and solutions to complex and/or technical issues that relate to the management of client and Firm administrative information Coordinate the development and maintenance of supporting procedures and processes Serve as liaison to, and foster good working relationships with, attorneys and others needing assistance with information governance issues Assist with responding to information requests from partner and other internal and external parties Respond proactively to both business and project issues and escalates appropriately Required experience, skills and attributes Experience Skills & Knowledge Technical Skills Extensive information security experience across broad security domains. Experience in security monitoring, detection, prevention and control systems. Ability to stay current with intrusion detection systems, hacker techniques, phishing schemes, emerging logical security threats, and compromised server techniques. Knowledge and experience of industry standards such as ISO 27001, Cyber Essentials, Cyber Essentials Plus Solid understanding of data handling best-practices and information management and governance Knowledge of cross-border regulations, such as GDPR and EU data Privacy rules a plus Experience in RIM, privacy and cyber governance, risk and compliance frameworks and controls Understand legal and regulatory RIM requirements across sectors Develop privacy guidelines & architectures and assist with implementation of roadmaps that include consideration of traditionally problematic areas such as governance, consent management, privacy-by-design and pragmatic approaches to records retention and deletion Perform privacy maturity assessments, RIM assessments and design and implementation reviews Proven ability to identify and assess complex risks and understand the mechanisms (people, process, technology) available to manage those risks Knowledge of the core concepts underlying privacy - consent, fair processing, legal basis for processing, anonymization/pseudonymisation, privacy-by-design Help obtain and maintain existing and future accreditations in accordance with applicable regulations, client-requirements and industry best-practices Experience working with technical people responsible for implementing security technology Broad understanding of technology and legal applications preferred Experience working with technical people responsible for implementing RIM technology Ability to dig into details as well as analyse data from a high level view Understand compliance, legal and ethical obligations organisations should have with respect to logical and physical security, personally identifiable information and data protection Personal Skills / Attributes Excellent written and oral communication skills Highly motivated, proactive and outcome orientated Ability to work closely with the others inside and outside the IT department Ability to influence internal and external stakeholders Self-starter that takes ownership of identified issues Analytical, evaluative, and problem-solving abilities Ability to effectively prioritise and execute tasks in a high-pressure environment Extensive experience working in a team-oriented collaborative environment Keen attention to detail Smart and professional manner Able to be an ambassador for Dentons being professional in outlook, attitude and appearance Responsible for project timeliness and customer satisfaction Qualifications & Requirements This position requires a self-motivated, creative and detail-oriented individual with a strong knowledge of legal information management and/or information governance processes and technologies. Aptitude and interest in information technologies, critical thinking, and interpersonal skills is necessary. We seek significant prior experience that demonstrates good business understanding. Must be capable of analyzing data, understanding technology, effectively prioritizing tasks/projects, and communicating complex and/or technical topics relating to IG to those who have no prior knowledge of the Firm's systems and policies. Must have excellent communication skills, organizational, analytical & planning skills. Candidates with an educational background from a wide variety of disciplines including information technology, legal, compliance, information management, and/or records management or equivalent experience will be considered. Language Capabilities We are a truly global law firm and as such, always welcome hearing from those with foreign language capabilities. Equal opportunities Dentons is committed to providing equal opportunities for all. If, as a result of a disability, you believe that there are aspects of the recruitment process or job that you would find more difficult than a non-disabled person, please tell us as soon as possible. We will then be able to discuss with you any reasonable adjustments that could be made to the recruitment process or the job itself.