Information governance and security analyst

Malta Island
Permanent
Full-time

23 days ago

We are seeking to recruit a Information Security Analyst to join our team. The Information Governance and Security Analyst plays a crucial role in supporting and enhancing the firm's Information Security Management System (ISMS). The analyst will be responsible for drafting, reviewing, and maintaining security policies and procedures that align with ISO standards, regulatory obligations, internal processes, and industry best practices. The analyst will also participate in trials and evaluations of AI and other IT software solutions, contribute to intranet governance, and support GDPR and Health & Safety internal matters. Training and mentorship will be provided.Key responsibilities:

Develop, review, and maintain ISMS-related policies and procedures to ensure compliance with ISO27001, GDPR, and MFSA requirements.
Work collaboratively with IT, Compliance, and Risk teams to ensure policies accurately reflect operational realities and regulatory obligations.
Stay informed about evolving laws, regulations, and industry standards; proactively identify compliance gaps and recommend effective solutions.
Maintain policy and procedures registers, version control, review cycles, and approval workflows.
Assist in maintaining the firm's intranet as the authoritative source for policies and procedures.
Support and participate in internal ISMS audits, including verifying adherence to requirements, identifying areas for improvement, and following up on the implementation of corrective actions.
Assist in responding to security-related questionnaires from clients.
Support awareness initiatives and training programmes to promote best practices and a security-conscious culture across the firm.
Maintain comprehensive documentation and evidence required for compliance audits, certifications, and regulatory reviews.
Participate in trials, proofs of concept, and evaluations of AI tools and other IT software solutions, contributing insights to assess potential benefits, risks, and compliance considerations to support decision-making.
Support Health and Safety compliance activities including policy updates.

Qualifications & Experience:

Bachelor's degree in IT, Information Systems, Business, Law, or a related field.
Experience or exposure to information security, compliance, or IT governance.
Familiarity with ISO/IEC 27001 standards, information security, and GDPR principles is desirable.
Practical exposure to drafting and maintaining security policies, conducting internal audits, or supporting compliance initiatives is advantageous.
Interest in emerging technologies, including AI, from a governance perspective.

Skills and Competencies:

Strong analytical and documentation skills.
Excellent written and verbal communication skills, with the ability to engage and influence stakeholders.
Attention to detail and a methodical approach to maintaining documentation and evidence for audits, certifications, and regulatory reviews.
Proactive, collaborative mindset with a commitment to continuous learning and professional development.

Additional Information:

Training and professional development will be provided.
Exposure to enterprise-grade security tools and Microsoft 365 ecosystem a plus.
Opportunity to contribute to strategic security initiatives within a leading law firm.

Ganado Advocates

Apply Now