Responsibilities & Duties
• Leading the function in support of 3rd party information security risk management and assessments
• Managing the full lifecycle of third-party assessments and meeting mandatory requirements across standards
• Leading the implementation of capability to enable understanding of external information security posture for key suppliers in correlation of services we consume
• Leading information security 3rd party risk management processes in alignment to established practices
• Maintain overall assessment process and improvements
• Manage team of 3rd party information security assessors; run regular sessions with your team to quality review third parties security risk and ensure appropriate processes followed to gain remediation plans
• Ensure full review of security gaps, risk and potential exposures are identified
• Manage escalations of third parties risk for acceptance and/ or decisions
• Create consistent and accurate data reporting to identify trends and emerging risks across third parties and business segments
• Develop strong relationships with key influencers across business, technology and third parties
• Drive recommendation for updates to the third party standard and controls
• Support development of change activities and programs to be planned to close security gaps
• Manage any regulatory, audit and other mandatory requirements pertaining to supplier information security
Education Qualification Degree in a relevant Business or Information Technology area
Experience Band 10-15 yrs.
Technical Skills:
Need to have Skill Proficiency
Third Party information security risk management Advance
ITGC Controls Advance
Contract reviews Intermediate
Supplier information security assessment Advance
IS Governance and Compliance Advance
Technical Skills:
Nice to have Information Security specific qualification (such as CISM, CISSP) Advance
Security and Privacy regulations Advance
Security Operations – Technical Intermediate
SOC2 reports and other security assessment report reviews Intermediate
NA