Third Party Risk Specialist
Looking for a Third Party Risk Specialist to join a long-term project for an end-user client of mine, offering excellent bonuses and benefits.
- Be part of the Third Party Risk Team and execute formal due diligence and risk assessment processes during onboarding wherever there is a requirement to allow, outsource, or transfer the hosting of information processing facilities and/or the Company's information to an external supplier, identifying the requirements and specific controls necessary to facilitate and secure that information and those information processing facilities
- Ensure effective processes and controls are established and maintained to address all identified security requirements following the Due Diligence/Risk Assessment activity, prior to providing the external suppliers access to the company's information and information processing facilities
- Exercise robust processes to maintain and govern the agreements/contracts with external suppliers and partners that involve accessing, processing, communicating or managing UKMU information or information processing facilities, or adding products or services to information processing facilities. Particular attention to GDPR requirements is a must
- Work with relationship owners to establish monitoring and review of Third Party Suppliers and Partners to ensure that the information security terms and conditions of the agreement are being adhered to, and that information security incidents and problems are managed properly. This involves a service management relationship and process between my client and the supplier or partner
- Plan and implement changes to the provision of services, including maintaining and improving existing information security policies, procedures and controls, taking account of the criticality of business systems and processes involved and re-assessment of such services
- Ensure the UKMU IT Asset and Risk registers are updated accordingly with identified weaknesses associated with the UKMU Third Party Suppliers and Partners, and track their action plans accordingly
- Work with the UK Supplier Relationship Management team and the relationship owner to agree and implement remediation plans for Third Party suppliers and partners to address findings of risk assessments and due diligence reviews
- Under the supervision of the Third Party Risk and SLA Manager, carry out Third Party onsite audits/assessments, documenting the results in audit/assessment reports and risk ratings as required
- Responsible for maintaining and protecting the confidentiality and integrity of the UK MU's Third Party Supplier portfolio that access, process and store staff, customer and supplier data.
- My client operates in a highly regulated environment (FCA, PRA, ICO, GDPR, CQC, PCIDSS, etc.) where IT Governance and Information Security are of strategic and commercial importance to my client and underpin every business operation. Loss or compromise of data and information as a consequence of a cyber attack and/or poorly managed IT security could lead to significant and adverse impact, both financial (£millions from fines, lawsuits, etc.) and reputational (loss of customer confidence, regulatory sanctions, etc.), affecting the whole organisation.
- The role will have a significant impact on operating cost base.
- Be part of the security specialists function that executes and provides the Third Party Risk & SLA Management capabilities for the UK MU.
- Identify and select security tools and services as required to deliver robust, fit-for-purpose, secure Third Party Risk & SLA Management capabilities to support and protect the UKMU business operations.
- Manage the remediation plans by working with the relationship owners to close or reduce risks, audit points and outstanding areas of concern as a result of the security questionnaires or onsite audit/assessments
- Conduct regular security due diligence and service level reviews of partners and suppliers against Information Security Policies and Standards to ensure optimal levels of security are maintained
- Ensure an accurate log of evidence is maintained proving that controls stipulated by the third party can be substantiated
- During the onboarding process work with technical and solution architects to provide security and risk consultancy around third party services identifying potential risks and offering advice
Qualifications and Training:
- Demonstrable experience in Information Security Management or IT Assurance (e.g. CISSP, CISM, CISA)
- A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002, NIST, CSC20, PCIDSS), relevant UK and EU privacy legislation (especially the Data Protection Act 1998 and EU GDPR) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC).
- Able to demonstrate a professional and domain expertise in Third Party Risk Management, including a background in IT infrastructure.
- Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including third parties and external customers
- 5+ years professional experience in regulated Financial services markets with equivalent IT Industry experience
- Ability to work under pressure, maintaining tight deadlines and high concentration levels and keeping up with workflow requirements
Please get in touch ASAP for interviews next week!