Third Party Risk Management Specialist
The Third Party Risk Manager is responsible for implementing the third-party security framework. This includes assessing information security risks of third parties by evaluating their security controls and ensuring supplier and supply chain information security risks to the organization are identified, assessed, and managed.
This role reports to the Information Security Manager.
Key Responsibilities:
* Lead the execution and continuous improvement of the information security supply chain framework.
* Coordinate the BDO supplier and supply chain information security risk assessment framework and due diligence procedure.
* Support risk-based planning for supplier information security due diligence and risk assessment activities.
* Partner with procurement, contract management, and other key stakeholders to ensure end-to-end third-party processes consider information security.
* Coordinate the gathering of vendor risk assessment data and prepare risk assessments for vendors as needed.
* Understand and apply relevant regulatory and legal compliance requirements.
* Assess vendor risks against organizational contractual requirements and controls.
* Conduct due diligence and assessments of third-party security controls and posture.
* Coordinate the identification and ranking of vendor risks.
* Communicate identified risk requirements to internal stakeholders.
* Build communication and escalation plans around vendor risk management activities.
* Ensure vendor remediation actions, mitigation, and contingency plans are identified and communicated to business owners.
* Track identified risks and risk events through the supplier lifecycle.
* Maintain required activity and risk metrics and other data.
* Report on activities related to third-party supplier assurance as required.
Required Skills and Qualifications:
* Demonstrable experience with supplier and supply chain due diligence frameworks, procedures, data gathering, and information security risk and controls assessment.
* Experience of supplier information security risk management across all stages of the supplier lifecycle: procurement, contracting, on-boarding, contract management, and off-boarding.
* Experience with business service, system, and data architectures.
* Experience of information security audit and assurance.
* Familiarity with formal information security frameworks and certifications such as SOC 2, ISO 27001, CE+, CIS Top 20, and OWASP.
* Excellent verbal, written, and interpersonal communication skills.
* Excellent stakeholder engagement and management experience and skills with the ability to understand complex business structures and services and advise senior stakeholders on information security risks, mitigations, and management strategies.
Benefits:
We offer a range of benefits to support your career development and well-being, including agile working arrangements, training programs, and opportunities for advancement within the organization.
Ongoing Support:
We're committed to providing ongoing support to help you succeed in this role, including regular feedback, coaching, and mentoring opportunities.