Description
Third-party risk consultant required for a leading security consultancy. The primary purpose of the role is to fulfil client assurance requests and questionnaires and to support supplier risk assessments.
Tasks and Responsibilities
- Lead information security-related assessments independently.
- Work collaboratively with teams from other disciplines within the global organisation, and with suppliers and clients.
- Manage concurrent complex activities to short timescales.
- Work under pressure to deliver good-quality assessment reports.
- Perform on-site and/or remote third-party security assessments of critical suppliers across business units that transmit, process or store sensitive data.
- Work with existing and new suppliers to confirm exit strategy, data retention and data return measures.
- Own the back-office functions and activities, including assurance scheduling, reporting and remediation management, for agreed supplier(s).
- Assist the team in a continuous improvement regime.
- Act as the go-to resource for a defined set of suppliers whilst working as part of a global team to provide supplier data security advice and guidance.
Requirements
- Experience of conducting information security assessments, including deep-dive multi-day assessments or audits.
- A recognised security certification such as CISSP, CISA, CISM, ISO/IEC 27001 Lead Auditor, CCSK or CCS, or equivalent experience.
- Ability to produce high quality audit or assessment reports.
- Good knowledge of all security domains, e.g. cloud, security management, service management, BCM (business continuity management), physical security, and GDPR/data protection.
- Good communication, influencing and negotiation skills.
- Experience in a similar role for a complex global organisation (consultancy, insurance or financial services sector preferred but not essential).
- Ability to explain complex technical concepts to non-technical stakeholders and suppliers.
- Degree, or similar academic qualification or equivalent experience.
As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of information risk. You will also have a proven track record of delivery in a similar role.