Information Security Governance Risk

Job Type: Full Time

Reports to: Director of Information Security & IT Governance

POSITION OVERVIEW

This Information Security GRC Expert – Associate Manager contributes to Morae success by

implementing, and maintaining people, process and technology-oriented policies, procedures, and

controls to ensure ongoing security and compliance of Morae's innovative technology solutions and

information assets.

As a part of highly skilled Information Security team the role will focus on all areas of information

security governance, risk, and compliance for both our corporate IT environment as well as our

innovative client technology solutions serving some of the world's largest corporations.

The role will concentrate on maintaining both technology and procedural aspects of our ISO27001 and

SOC 2 Type II Regimes, Client Security Compliance, Third Party Risk Management, and Staff Security

Awareness efforts. In addition, the role will contribute to defining and developing both process and

toolsets for Data Classification, Data Loss Prevention, Data Privacy and Data Segregation in our

environments.

Working closely with Director of Information Security, global security operations and wider technology

teams GRC Associate Manager will contribute to development and review of Global Information

Security Strategy, IT Risk Registers and support the work of Risk Management Committee.

The GRC Associate Manager will be coaching and developing junior members of Information Security

GRC team. We are looking strong Information Security expert ready to develop both their technical

and GRC skillset to step up their career onto strategic management level.

KEY RESPONSIBILITIES:

• Contribute to maintenance and development of information security systems, policies and

procedures through implementation and maintenance of policies and identification of gaps

or non-compliance.

• Assist with the development, implementation, and improvement of the Morae Global

technical security processes.

• Ensuring Morae Global policies, applicable standards, customer requirements and best

practices are being followed.

• Supporting the delivery of information security projects and initiatives.

• Represent Morae Global in a professional and productive way while delivering the best in

service to our clients and during interactions with both clients and suppliers.

• Supporting the wider information security and technology team on providing a responsive

and pragmatic approach to day-to-day security issues and broader strategic initiatives

• Ensure security documents are controlled, reviewed, and updated in line with various

contractual and regulatory requirements.

• Develop and lead global information security awareness activities.

• Deliver related security communication across the organisation as required.

• Capturing evidence to support audit and compliance requirements.

• Provide support in responding to client security requests and client assurance assessments

and audits.

• Refine and maintain security dashboards and reports to support the production of security

metrics and quarterly security reporting.

• Initiate continuous improvement ideas and suggestions to increase efficiencies.

• Actively participate in wider, internal, and external information security initiatives.

SKILLS/EXPERIENCE:

• Bachelor's degree and 5+ years of experience of working with security, privacy and legal in a

regulated environment.

• Manage relationships with senior stakeholders in support of technology.

• Demonstrable experience of implementing ISO27001 and SOC 2 Type II Security compliance

frameworks.

• Demonstrable experience and knowledge of Data Governance, Data Classification, Data Loss

Prevention technical and process implementations.

• Experience in Data Privacy Regulatory Compliance implementations – GDPR, POPI, DPDP.

• Excellent English language written and verbal communication skills.

• Ability to write clear and concise policy documentation.

• Strong communication and presentation skills.

• Collaboration and conflict management skills.

• Experience in legal sector, eDiscovery and Document Management architecture would be

advantageous.

• Understanding of IT systems and security tools, including methods, procedures, equipment,

and software used for delivery.

• Planning, and strategic management skills.

Why Morae?

Morae's approach to employee development is unique in the marketplace. At Morae employees are

given opportunities to progress at their own pace and to influence the course of their professional

growth. This includes having the opportunity to earn a client facing role or even an oversight role

within their first year

About Morae:

Morae is a dynamic, high-growth organization that provides an integrated suite of solutions to

corporate law departments and law firms, and partners with leading software and services

providers, both within and outside the legal industry. We are a young company but are made up of

seasoned professionals in the legal industry, with a focus on building productive long-term

relationships with employees and clients in an environment where collaboration is encouraged,

knowledge is shared freely, and diversity of thought, cultures, communities, and points of view is

embraced. Our team has the vision to create an effective solution for any business problem and the

experience to execute that vision. Learn more at Our privacy policy can be found

here