Cyber Security Third Party Contract Assistant Manager
Please Note: The deadline for applying is 23.59 the day before the job posting end date.
Job Title: Cyber Security Third Party Contract Assistant Manager
Business Function: Cyber Security
Location: Kingston/Port Sunlight Office
Work-Level: 1C
Reports to: Third Party Contract Assurance Manager
Hiring Manager: Ulrika Sahlstrom
Job Purpose
To protect Unilever information assets through the implementation and operation of a third party contracting governance framework, supporting the Third Party Contract Assurance Manager in ensuring that only suppliers able to meet Unilever’s security requirements are engaged, that contract security schedules are included in supplier agreements, and that contract compliance is monitored and reported. The role supports ensuring that supplier contracts carry an adequate level of cyber security schedules so that the contract risk profile of third parties is adequately managed. A key part of the role is managing multiple stakeholders including Business Information Security Officers, Technical Information Security Officers, Business Owners, Legal, Privacy, Procurement, IT, and suppliers. The role also involves operating the cyber security third party contract remediation framework, providing analysis and reporting to senior management, and tracking the status of contracts with suppliers such as MSPs, cloud providers, business consultancies, and other supply chain partners.
Operational Scope: Global enterprise-wide, with linkages to Privacy, Legal & Procurement.
Responsibilities
* Operate a third party cyber security contracting governance framework including analysis, implementation, remediation and reporting processes to enable management and oversight of contract compliance.
* Support the identification and evaluation of third party cyber security contract gaps for each Unilever supplier and for each type of supplier.
* Provide reporting to senior management and executives to support understanding of contract schedule implementation and supplier contract risk profiles for escalation and decision making.
Cyber Security Contract Remediations
* Support the Contract Assurance Manager in remediation of issues with suppliers, collaborating with business owners, suppliers and remediation service providers to ensure prompt resolution.
* Support communications and engagement with Unilever business/service owners, internal Cyber Security and legal teams, and suppliers.
* Establish and maintain supplier relationships as a key point of contact for contractual cyber security matters.
* Provide contract-related issue resolution from a cyber security perspective.
Governance and Compliance
* Support cyber security schedules governance and ongoing compliance activities for key suppliers.
* Operate metrics and performance indicators for the third party cyber security contract framework.
* Ensure compliance in relation to cyber security contracts for new supplier onboarding, extensions and renewals, and communicate contractual changes to stakeholders.
* Understand changes to standard clauses, and highlight deviations and risks where terms fall outside the standard clauses.
* Keep internal contract templates for cyber security accurate and up to date.
* Identify opportunities to improve contract processes and plan implementation.
* Ensure overall contract compliance by coordinating with stakeholders to include the right cyber security schedule in final contracts.
Stakeholder Management
* Support development and management of stakeholder relationships within Unilever and with key third parties, including Cyber Security, Legal, Privacy, Procurement, HR, and Data Protection Officers.
* Assist in acting as a key point of engagement within the Cyber Security team, Privacy, Legal, Procurement and Business Integrity.
Direct Reports & Key Interfaces
* Interfaces include IT Security Operations, Cyber Security, Legal (including external counsel), Procurement, and Data Privacy.
Qualifications and Experience
Key Skills
* Professional qualification in information/cyber security (e.g., CISM, CISSP) or equivalent preferred.
* Experience in information/cyber security risk management principles and practices.
* Up-to-date knowledge of ISO 27000 series, NIST, GDPR and related frameworks.
* Broad IT knowledge and understanding of its business context.
* Understanding of contracting frameworks for third parties and supplier risk management.
* Knowledge of IT security control requirements and fundamental networking principles.
* Understanding of regulatory aspects of information security including data protection legislation and SOX.
* Excellent communication and stakeholder management skills.
Essential
* Minimum 3 years' hands-on experience in an information/cyber security role.
* Approximately 5 years of experience in a large, complex business environment with data flow analysis and risk-based decision making.
* Experience providing risk-based security evaluations with evidence of assessing, identifying and reporting risks from a control framework.
* Ability to influence resource use to achieve outcomes.
Preferable
* Experience with corporate cloud supplier relationships.
* Experience in a consumer goods or retail environment.
Notes
About Unilever: Unilever is a global consumer goods company with brands including Dove, Tresemme, Lynx, Lifebuoy, and others. We are committed to sustainable living and inclusive workplaces. This posting may contain standard diversity and inclusion statements as part of our recruitment process. We do not accept responsibility for recruitment fraud. If you suspect fraudulent activity, report it through official channels.
Recruitment fraud awareness: Unilever does not accept responsibility for candidates financially impacted by recruitment fraud.