Third Party Risk Analyst
Looking for a Third Party Risk Analyst to join a long-term project for an end-user client of mine, offering excellent bonuses and benefits.
Accountabilities & Activities
This role will assist the Third Party Risk and SLA Manager with third party due diligence activities which include but are not limited to:
Third Party Supplier Management:
- Carry out risk assessments of third party suppliers and partners for compliance with Information Security Policies and Standards
- In collaboration with UK Information Governance, respond to external customer security due diligence questionnaires within defined Service Level Agreements
- Ensure that contract schedules are defined and maintained at an adequate level
- Conduct regular security due diligence and service level reviews of partners and suppliers against Information Security Policies and Standards to ensure optimal levels of security are maintained
- Assist the Third Party Risk and SLA Manager in carrying out onsite security audits/assessments of third party suppliers and partners
- Maintain the programme of onsite audits/assessments by booking these in with the third party and the relationship owner well in advance of the audit. Maintain an annual schedule of onsite audits/assessments
- Work with the UK Supplier Relationship Management team and the relationship owner to agree and implement remediation plans for third party suppliers and partners to address findings of risk assessments and due diligence reviews
- Monitor the risk profiles of the third parties, ensuring risks and audit points are tracked and remediated
- Contribute to the new vendor onboarding process by carrying out due diligence IT security/risk checks on the chosen vendors
- Finalise third party audit/assessment reports by working with the Third Party Risk & SLA Manager and the third party to obtain outstanding evidence or information required for successful completion
- Develop lasting relationships with both internal stakeholders and third parties, building partnerships that will help the team reach its goals
Support cultural change:
- Adopt and promote a cultural shift in IT and Security awareness and responsibility.
- Assist in shaping and influencing new models in the UKMU and ways of working across the group.
- Motivate the wider community to ensure a strong IT and Security culture, ethos and awareness is maintained.
Qualifications, Training and Experience:
- Educated to Degree or equivalent level
- Industry certifications such as CompTIA Security+, CISSP, CISM, CISA, CRISC
- Ability to understand the business requirements my client uses the third party for and adapt the strategy accordingly
- Extremely good organisational, communication, analytical, documentation and administration skills with a good eye for detail
- Experience producing security documentation and other technical analysis reports
- Experience working in a team-oriented, collaborative environment
- Demonstrate very strong proven experience of IT and Security governance systems such as those mentioned within the Job Purpose
- Ability to communicate effectively with technical and non-technical audiences
- 5+ years' professional experience in regulated financial services markets with equivalent IT industry experience
- Exposure to prevalent industry standards such as ISO 27001, FCA, PRA, ICO, PCI-DSS, CIS, NIST etc.
- Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including third parties and external customers
- Ability to work under pressure, maintaining tight deadlines and high concentration levels and keeping up with workflow requirements
Please get in touch ASAP for interviews next week!