 
        
As an Information Security Supply Chain Analyst, you'll verify that third parties meet the minimum-security requirements to protect our organisation from a supply-chain-related attack or incident. You'll apply relevant risk mitigations and deal with multiple stakeholders to ensure end-to-end treatment is applied. You'll also be part of our PMO and governance and compliance processes and will deliver updates to senior management in meetings and information security forums, whilst ensuring the business remains compliant with regulatory frameworks and good practice standards.

This role works within the Information Security Team and collaborates with other teams such as Privacy, Legal, Group Risk, Infrastructure, SecOps and Procurement, providing you with great opportunities for stakeholder engagement - it's a great time to join us at S&W.

This role is a permanent position to be based at our Liverpool, Bristol or Birmingham offices on a hybrid working pattern with minimum 2 days per week in the office. The interview process will be in two stages and will consist of one face-to-face interview at the Liverpool office.

Your responsibilities will include, among others:
 * Perform internal information security risk assessments and recommend mitigation actions to be implemented in solutions
 * Perform vendor risk assessments and due diligences on third parties and recommend mitigation actions to be implemented by third parties
 * Assess third party adherence to the minimum-security standards and record/track deviations or concessions
 * Operate a risk-based assurance approach to ensure key third parties continue to comply with the defined security requirements
 * Generate MI and reporting on third-party assessments and maintain risk profile of third parties
 * Review information security controls on an ongoing basis against the changing risk landscape to evaluate changes in residual risk and assess the sufficiency of the corresponding compensating control(s) or the need for new controls

S&W Group is looking for an experienced Information Security Risk Professional with expertise in security compliance and assurance, ISO 27001 implementation, PMO (project management office), risk assessments, supply chain and working on other governance, risk and compliance projects within a team. You'll be highly motivated and proactive, and will become a productive member of a busy Information Security team, gaining exposure to a number of areas across the business.