Third Party Assurance Security Consultant - Banking - Information Security
An excellent opportunity has opened for a Third Party Assurance Security Consultant, who will take full ownership of the organisation's third-party assurance programme, driving the ongoing maturity and enhancement of supplier security risk management. The role will focus on delivering end-to-end assurance activities across the supplier lifecycle, ensuring that our third-party relationships meet the organisation's Information Security standards, regulatory obligations, and risk appetite.
The successful candidate will be responsible for developing, enhancing, and executing processes for supplier assurance, producing detailed reports, and effectively engaging with key stakeholders to drive risk mitigation and improved security practices across the supply chain.
The main purpose of the Third Party Assurance Security Consultant role is to:
* Take full ownership of the organisation's third-party assurance programme, driving the ongoing maturity and enhancement of supplier security risk management.
* Deliver end-to-end assurance activities across the supplier lifecycle, ensuring that third-party relationships meet information security standards, regulatory obligations, and the Bank's risk appetite.
* Develop, enhance, and execute processes for supplier assurance, producing detailed reports and effectively engaging with stakeholders to drive risk mitigation and improved practices across the supply chain.
Key Responsibilities:
* Represent Information Security as the lead owner of the third-party assurance process, ensuring effective execution of supplier security assessments and reporting.
* Lead the ongoing enhancement and maturity of the supplier assurance framework and associated processes.
* Carry out end-to-end supplier assurance activities, from initiating assessments and conducting detailed evaluations through to producing final reports and presenting findings to stakeholders.
* Manage and track the supplier assurance portfolio on a BAU basis, ensuring timely assessments, remediation tracking, and escalation of risks.
* Develop, refine, and embed supplier security assurance processes to align with best practice, regulatory requirements, and business objectives.
* Introduce process improvements to increase efficiency, consistency, and quality of assessments.
* Contribute to the continuous enhancement of supply chain security assurance and third-party risk management capabilities.
* Lead day-to-day development and execution of supplier security assessments, ensuring risks are identified, documented, and managed.
* Engage with suppliers and internal stakeholders to obtain evidence, challenge responses, and validate assurance activities.
* Produce high-quality assurance reports for business and security leadership, ensuring risks and recommendations are clearly articulated.
* Act as a trusted advisor to stakeholders on third-party risk, helping to balance commercial drivers with effective security controls.
Professional Qualifications:
* Security certification required: CISSP, CISM, CISA, or equivalent professional security qualification.
Relevant Experience:
* 4-5 years' experience in Information Security, with significant exposure to third-party risk management and supplier security assurance.
* Broad third-party assurance experience, including leading end-to-end supplier assessments.
* Strong understanding of supply chain security assurance, including regulatory and industry best practices.
* Ability to plan, organise, and prioritise tasks effectively, balancing pragmatism with effective risk management.
* Strong stakeholder engagement and influencing skills, with experience presenting findings to both technical and non-technical audiences.
Interested? Please apply.