Information Governance, Communications & Policy Specialist

Our client, a respected and multi-disciplinary law firm, is seeking an Information Governance, Communications, and Policy Specialist to own and enhance the firm's Information Security Management System (ISMS). The role is responsible for ensuring the highest standards of data governance, driving compliance with key regulations, and embedding a security-first culture across the organisation.

This position blends policy development, compliance management, and strategic communication. The successful candidate will work closely with leadership, IT, and Risk teams, translating complex regulatory requirements into clear, effective, and audit-ready policies that uphold the firm's reputation for precision and integrity.

Location: Malta

Responsibilities:

As an Information Governance, Communications, and Policy Specialist, your broad responsibilities will include, but are not limited to:

Develop, draft, and maintain internal IT and security policies aligned with ISO27001, GDPR, and other relevant regulatory frameworks.

• Collaborate with IT, Risk, and Compliance teams to ensure policies are practical, effective, and accurately reflect operational processes.

• Monitor regulatory updates from key bodies, perform gap analysis, and recommend necessary policy improvements to ensure continuous compliance.

• Support the end-to-end internal and external audit process for ISO27001, assisting with corrective actions and maintaining all required evidence.

• Act as the primary point of contact for responding to client security questionnaires and due diligence requests.

• Champion internal security awareness initiatives, including training and communications, to foster a robust security culture.

• Ensure all governance documentation is meticulously structured, version-controlled, and audit-ready at all times.

Requirements:

• A degree in Business, IT, Computing, Law, or a related field.

• Progressive experience in a role focused on information governance, compliance, policy management, or IT audit.

• A strong understanding of information security frameworks, particularly ISO27001, and the principles of policy and procedure documentation.

• Experience within a regulated environment (e.g., financial services, corporate services, iGaming, or law firms) is highly beneficial.

• Excellent written and verbal communication skills in English, with the ability to create clear, structured, and polished documentation.

• A proactive and detail-oriented mindset with a proven ability to improve processes and documentation frameworks.

• Strong collaborative skills with the ability to communicate confidently and effectively with stakeholders at all levels.

• Relevant certifications (or progress towards) such as CISA, CISM, CISSP, or CRISC would be considered an asset.

This is an exceptional opportunity to apply your expertise and contribute to the success of a high-performing organisation with a global presence.

What we offer:

Competitive Compensation: You will receive a highly competitive compensation package, which includes a competitive base salary, performance bonuses, and other incentives, all reflective of your experience and contribution.

Work-Life Balance: We value work-life balance and offer flexible working arrangements, recognising that achieving your best in your career requires a healthy balance between work and personal life.