Cyber Security Third Party Contract Assistant Manager
Location: Kingston/Port Sunlight Office, Kingston upon Thames, England, United Kingdom
Job Purpose
To protect Unilever information assets through implementation and operation of a third party contracting governance framework, supporting the Third Party Contract Assurance Manager in ensuring only those suppliers able to meet Unilever’s security requirements are engaged by the Unilever business functions, that all suppliers have the required cyber security contract schedule included in their agreements and that contract compliance is monitored, maintained and appropriately reported. To support the Third Party Contract Assurance Manager in ensuring an adequate level of cyber security schedules are included in the overall supplier contracts so that the contract risk profile of Unilever’s third parties providing or supporting Unilever information and systems is adequately managed and addressed. A key aspect of the role is to manage multiple stakeholders including Business Information Security Officers, Technical Information Security Officers, Business Owners, Legal, Privacy, Procurement, IT and suppliers. Operate the cyber security third party contract remediation framework, providing analysis and reporting to senior management and to the executive team. Track contract status of suppliers such as managed service providers, cloud providers, business consultancies and supply chain suppliers and maintain an ongoing view of the risk profile.
Operational scope
Global enterprise wide, incorporating key linkages to Privacy, Legal & Procurement.
Responsibilities
To help manage the third party cyber security risk to Unilever information assets and systems. The following represent the main deliverables for this role.
REPORTING & ANALYSIS
* Operate a third party cyber security contracting governance framework including analysis, implementation, remediation and reporting processes to enable management and oversight of contract compliance.
* Support the identification and evaluation of the third party cyber security contract gaps for each Unilever supplier and for each type of supplier.
* Provide reporting to senior management and executives to support their understanding of the overall management of third party cyber security contract schedule implementation and supplier contract risk profile to enable escalation and decision making.
CYBER SECURITY CONTRACT REMEDIATIONS
* Support the Contract Assurance Manager in remediation of identified issues with suppliers, while working with Unilever business owners, suppliers and external remediation service providers to ensure prompt resolution of identified issues.
* Support communications and engagement activities with Unilever business/service owners, internal Cyber Security and legal teams, as well as suppliers and managed service providers.
* Establish and maintain supplier relationships by serving as a key point of contact for contractual matters relating to cyber security.
* Provide contract related issue resolution, both internally and externally from a cyber security standpoint.
GOVERNANCE AND COMPLIANCE
* Support the operation of governance of cyber security schedules and processes for key suppliers.
* Support the operation of required ongoing compliance activities for key suppliers.
* Operate metrics and performance indicators for all aspects of the third party cyber security contract framework.
* Responsible for ensuring compliance in relation to cyber security contracts for new supplier onboarding, existing suppliers’ extension and renewal, and communicate contractual changes to all stakeholders.
* Understand changes to standard clauses, and highlight deviations and risks, if outside of standard clauses.
* Ensure the organisation's internal contract templates for cyber security are accurate and up to date.
* Identify opportunities to improve current contract processes and devise plans to implement these changes.
* Ensure overall contract compliance by working with all relevant stakeholders to confirm that the right cyber security schedule is included in the final contract with the third parties.
STAKEHOLDER MANAGEMENT
* Support the development and management of stakeholder relationships within Unilever and with key third parties, including within the Cyber Security team, Legal, Digital Marketing, HR, local Data Protection Officers and other businesses.
* Support the Third Party Contract Assurance Manager in acting as a key point of engagement within the Cyber Security team, Privacy, Legal, Procurement and Business Integrity.
Direct Reports
Not specified in the provided content.
Key Interfaces
* IT Security Operations
* Cyber Security
* Legal (including external legal counsel)
* Procurement
* Data Privacy
Qualifications
Essential
* Min 3 years hands-on experience in Information/Cyber Security role.
* 5 years industry experience working within a large complex business environment requiring analysis of data flows and making balanced risk decisions.
* Providing risk-based security evaluations and evidence of assessing, identifying and reporting risks resulting from a control framework.
* Ability to influence resources not in your control to achieve outcomes.
Preferable
* Experience working with corporate cloud supplier relationships.
* Experience within a consumer goods or retail environment.
Senioritiy level Mid-Senior level
Employment type Full-time
End of refined description.
#J-18808-Ljbffr