IT Governance, Risk & Compliance Lead

We are Eversheds Sutherland, a global law firm, with more than 5,000 people across over 30 countries. We’re full-service with deep niche and sector experience. Whatever challenge, wherever in the world, we’re equipped and ready to meet it. We live our values, we’re purposeful and purpose-led. So although the world is fast-moving and rapidly changing, we see it as a place where everyone can thrive. We’re ambitious for our clients, our communities – and for you. Whether you’re starting out on your career or well established, whether you’re a lawyer or in business services. If you’re looking for what’s next, we are too.

What to expect

For business professionals, our environment is highly collaborative with value being placed on diversity of ideas, skills and mindsets. Not least yours. It's energetic, fast-moving and there's always something new to get involved in. You will get exposure across geographies and the firm as a while. The future is a place of opportunity. Focusing on your success and for what's next, will ensure you thrive too.

Role and key responsibilities

Eversheds Sutherland are seeking an experienced IT Compliance / Audit Lead to join our expanding Cyber Security team . You will be reporting to the Head of Cyber Security within the IT department; having responsibility for partnering with IT & Business Leadership to provide assurance of the level of control effectiveness, manage / facilitate client audits, ensure continuous improvement of standards.

You will evaluate any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology [NIST], etc.) or internal standards (e.g., code of conduct and use) to determine the relevant IT compliance requirements and controls.

You will be responsible for partnering with Eversheds Sutherland’s key clients / auditors to identify and support their compliance requirements. You will be a proven strong communicator who works in a highly professional manner to ensure appropriate business representation to demonstrate effective standards are being met and exceeded.

You will be instrumental in automating and systemising IT & business controls. Proven experience of implementing GRC tools, training management on control ownership and ensuring an effective system for exceptions to standards.

Reporting regularly to top management will be a weekly expectation, you ideally will have proven experience of working within the legal industry.

• Determine and maintain an inventory of all regulatory, commercial and organizational technology compliance requirements.
• Facilitate the creation and modification of all technology compliance policies.
• Implement and maintain a compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization.
• Report the levels of IT compliance risk and control effectiveness to key stakeholders such as IT-business unit management, senior management, board of directors, legal management, regulators, internal/external auditors, etc.
• Leading the Firm’s professional response to internal and external audits and reviews
• Establish, monitor, evaluate, report in a professional manner; clearly highlighting the current state of Compliance across the business – specifically IT
• Create an IT compliance training and awareness program that periodically educates the requisite end-user community on the relevant IT compliance requirements
• Lead self-assessments against Global standards
• Benchmark against ISO27001+ and NIST
• Provide input, and direction, to the Cyber Security strategy
• Management of Governance, Risk and Compliance tool
• Update of control standards and embedding control ownership
• Drive cultural change to ensure that IT security is a key consideration for new systems and processes
• Lead by example by living the values of Eversheds Sutherland

Skills and experience​

• Extensive experience in managing audits and driving control continuous improvement
• Expert understanding of control frameworks
• Strong communication skill set
• Excellent Governance, Risk and Compliance skill set
• Effective utilisation, and management, of external suppliers
• Able to react quickly, decisively and professionally
• Industry related legal, compliance, information security or business continuity management certification is preferred.

What’s in it for you?

At Eversheds Sutherland, we provide benefits focused on looking after you: your development, your performance, your financial future and your health, as well as providing the opportunity to make a contribution to the world.

• We’re fair, transparent and equitable
• We share in the success of the firm, reward alignment to our values, going above and beyond and your individual performance
• We support flexible ways of working through our remote working policy and commitment to flexible, agile and hybrid ways of working
• We support your health and performance through our dental, healthcare and wellness support
• We support everything you are and all you bring through our powerful commitment to diversity and inclusion
• We provide a platform for your career, whatever your ambitions through our structured professional and personal training, mentoring and development programs
• We provide experience and opportunity through international and cross-function exposure
• We provide an opportunity to give back through our pro bono work and community engagement
• We help you plan ahead through retirement planning, insurance and assurance

Diversity & Inclusion

At Eversheds Sutherland, “Inclusive” is a core business value. We bring together different skillsets, global mindsets and approaches. We foster diversity of thought and the freedom to put ideas into action. We have an inherent respect for the individual. We have a strong belief in collaboration and teamwork. Sharing ideas, asking questions, solving challenges and meeting our clients’ goals: together.

We want all our people to thrive at work and reach their full potential and we work hard to continue to build a diverse and inclusive culture, monitor and report on our progress and impact, and develop our approach. This is reflected in our policies, systems and processes, and in our work with diversity membership organisations. Many of our people work flexibly in some way and we are open to considering how we can accommodate flexible working arrangements alongside role requirements.

If this is important to you, please talk to us about it during the recruitment process. We want you to perform at your best during our recruitment process. If there is any adjustment or support you need, please contact us so we can discuss how we can best assist you.