Location: Belfast

Workplace: Hybrid

The Opportunity:

The Senior GRC VRM Platform Specialist will support the efforts of the organization by leading the integration, oversight, and execution of systems and processes supporting the firm's 3rd party risk management efforts. The role holder will utilize various GRC tools to enhance the effectiveness, efficiency, and speed of the risk assessment process in furtherance of the established ISMS and risk management framework.

Working at Baker McKenzie:

Baker McKenzie is the world’s leading law firm with offices all over the world. Our Belfast Centre is home to over 400 teammates in both legal and professional services such as finance, IT, marketing, and business support.

We offer one of the best workplace benefits packages in the business with comprehensive private health cover, income protection, life assurance and a full employee assistance plan. These and a host of other benefits make us one of the most desirable companies to work for in Belfast.

We are committed to promoting inclusion, diversity, and equity for all and are confident we can provide a career as individual and as exceptional as you.

About the role:

As part of this role, the successful candidate will:


  • Support the 3rd party risk assessment program via the use of the established ISMS, risk management framework and VRM platforms.  
  • Champion the integration of the VRM and GRC platforms in a manner that provides integrated executive risk reporting and vendor risk tracking.
  • Utilize the VRM platforms in a manner that maximizes the effectiveness and reliability of the risk assessment process.  
  • Leverage the process and capability improvements achieved in the above efforts to support other aspects of the risk management program, such as greater automation and orchestration.
  • Monitor and report on compliance with the Firm’s information security policies and procedures. 
  • Maintain records of audit findings and ensure that corrective actions are implemented per the agreed remediation schedule.
  • Provide status reports to the IT GRC Manager
  •  Maintain the Firm's security-related information and metrics repositories.

Essential Criteria:

To be successful in this role you will need:

Skills and Experience:

  • Possess a Computer Science bachelor’s degree or substantial equivalent experience. 
  • Demonstrable experience with vendor-facing information security assessments using VRM platforms and reporting results.
  • Background in managing VRM platform information and integrating key risk metrics with GRC platforms.
  • CISSP, CRISC, CISA, CIA preferred.
  • RSA Archer Certified Professional preferred.
  • Thorough understanding of security concepts and best practices 
  • Authoritative understanding of principles, theories, techniques, and methods of information system analysis and risk assessment
  • Authoritative understanding of audit principles applied to common information security domains such as security policy, organizational structure, asset management, human resources, physical security, operations, communications, access control, development, and acquisition, incident management, business continuity, and compliance. 
  • Working knowledge of common information systems such as Active Directory, networking, endpoint management, and SQL
  • Proficient in the use of Microsoft Excel and Word
  • Sufficient business acumen to understand the business drivers associated with risk management concepts, particularly those affecting client audits, RFPs, and contractual terms.
  • Strong communication skills - demonstrated ability to communicate professionally in business language, in both oral and written formats (English).
  • Gather and analyse facts, draw conclusions, define problems, and suggest solutions.
  • Work independently and within a team.
  • Remain productive and maintain focus without direct supervision.
  • Effectively manage multiple tasks concurrently
  • Internalize and act upon constructive feedback.
  • Adopt new skills and improve existing skills in a dynamic environment.