Third Party Security Risk Manager
The business I represent is a global leader in its sector and helps millions of people across the world. They have an extremely talented Information Security team who secure and protect the nation's critical national infrastructure. The team is currently going through an exciting growth stage, with hiring happening across their risk and technical security teams.
A key hire is a Manager for the Third Party Information Security Risk team. You will ensure that the supply chain and third party suppliers are secure by leading a team of Analysts who identify and mitigate supplier risks.
A Senior Analyst role in the team is also available.
The role is currently fully remote; once Covid-related restrictions are relaxed it will be office based two days a week in either Syracuse, NY or Waltham, MA.
The role includes management responsibility for the Technology Risk IT Controls Assurance Supply Chain team; evaluation of Information Security risks arising from the services suppliers provide; and assisting the Commercial and Procurement teams in determining related risk and ensuring that contract terms and conditions align with compliance and risk management needs. To support supplier evaluations, you will identify control deficiencies against regulatory and internal control requirements, recommend improvements to the internal control structure, and conduct independent control assessments of third parties.
- Manage and support the control analysts responsible for performing supply chain assurance assessments.
- Manage various supply chain risk and assurance activities, including supplier assessments, procurement and commercial initiatives and issue management.
- Provide quality checks over compliance with established internal control procedures.
- Monitor planned activities and implement change management procedures to assess vendors.
- Prepare regular status reports for internal management and IT leadership team.
- Provide team oversight for the Issue Management process to coordinate findings, develop action plans based on risks and confirm that appropriate steps are taken to close out findings.
- Participate in discussions regarding controls in support of Compliance with International, Federal, State, and local requirements.
- Partner with the Procurement, IT Commercial and Security teams to establish end-to-end supply chain risk and assurance activities that occur throughout the contract lifecycle.
- Work with internal stakeholders, including data privacy, regulatory, legal and IT to build and maintain relationships and deliver value.
- Strong leadership, influencing and analytical skills; sound judgement and decision making; and the ability to interact credibly and professionally at all levels across the organization.
- Able to demonstrate a high degree of credibility and influence senior stakeholders within the organization and key external stakeholders.
- Must have general understanding of Information Security techniques, controls and risk management principles.
- Must be an effective communicator with strong presentation skills and be able to communicate up and out on risks related to the supply chain allowing management to make informed risk-based decisions.
- Must be able to demonstrate working knowledge of UK and US regulations and inform management of gaps and needs. Examples include the General Data Protection Regulation (GDPR), US data privacy laws, the UK NIS Regulations, US NERC CIP, and SOX.
- Must have strong background in process development to enhance current processes to include risk management and assurance activities related to Supply Chain.
- Ability to manage others, expand their sphere of influence, and drive change in commercial decisions regarding compliance needs.
- Understanding of assessing third party service providers and associated risks
- Strong presentation skills
- Strong understanding of Information Security and associated risks
- Strong interpersonal skills (ability to bring people together to solve complex issues)
- Knowledge of control frameworks (NIST, ISO, etc.)
- A relevant certification such as a CISM, CRISC or CISA is preferred
- Working knowledge of RSA Archer will be beneficial
If you are a Third Party or Supply Chain security professional with experience leading a team then please apply to find out more about this exciting opportunity!