Information Security - Customer and Supplier Assurance Manager

at Glory Global Solutions

Basingstoke, England, United Kingdom

Start Date: Immediate
Expiry Date: 02 Oct, 2024
Salary: Not Specified
Posted On: 04 Jul, 2024
Experience: N/A
Skills: Cloud Security, Service Providers, CISA, ServiceNow, Supplier Management, ISO, Supply Chain, Communication Skills, Security Controls, CISSP, NIST
Telecommute: No
Sponsor Visa: No

Description:

ROLE TITLE: Information Security – Third-Party Risk Assurance Manager
FUNCTION: Information Security
REPORTING: Director, Information Security
LOCATION: Basingstoke

EDUCATION LEVEL:

  • A technical degree or professional qualification
  • Formal security qualifications, such as CISA, CISSP, CRISC or ISO 27001 would be of interest
  • Knowledge of cloud security and third-party cloud service providers is desirable

REQUIRED SKILLS AND COMPETENCIES

  • Contributing to an effective Information Security culture in support of business objectives
  • Establishing and maintaining relationships across stakeholders by monitoring and engaging with the functional teams, partners, and the customer on relevant standards and frameworks
  • An excellent understanding of Information Security controls
  • Knowledge of cyber security frameworks such as NIST, ISO27001, or CIS is desirable.
  • Ability to appropriately identify and manage Information Security risks associated with the supply chain, in line with the business’s risk/cost appetite
  • Experience in leading and conducting Information Security supplier risk assessments.
  • A good understanding of supplier management covering procurement, legal and commercial activities
  • Able to produce clear and comprehensive requirements documentation and flows
  • Strong written and verbal communication skills
  • Commitment to excellence and high standards; strong organizational skills; able to manage time, priorities and workload
  • Ability to work autonomously and drive improvement
  • Comfortable challenging seniority and existing processes
  • Knowledge of OneTrust or ServiceNow an advantage

Responsibilities:

ROLE PURPOSE

In this newly created position, you will be responsible for leading and managing third-party Information Security risk assurance activities. The candidate will work closely with the procurement team, business units, and third-party vendors to ensure that all third-party risks are identified, assessed, and managed effectively.
You will be required to use your knowledge and experience to communicate risks, controls, ownership and accountability within the supply chain, ensuring Information Security is an integral part of supplier management activities. Within this role, you will also be responsible for working with our customers to provide assurance of our security programme and controls across both our Enterprise corporate activities and the Glory product suite. This will involve working across functional teams to take a ‘ground up’ approach to managing Information Security risk within the supply chain, advising on the correct approach and the necessary actions that will be required.
You will be responsible for supporting customer audits and responding to customer queries on Information Security and Information Systems and the associated functional processes and controls. This will include managing the closure of any actions raised. This new role offers an opportunity to be the focal point for our third-party risk assurance programme, ensuring we perform the necessary measures to protect our business and that of our customers.
You must be a highly effective communicator and a supportive team player, taking a consultative approach whilst maintaining the integrity and independence of the General Affairs department. You will combine an ability to navigate organisational politics and manage stakeholders, with a talent for operational delivery and a strong sense of accountability for results.

MAIN RESPONSIBILITIES

  • Assessment and evaluation of suppliers’ capabilities against applicable requirements, including GGS policies, standards and procedures
  • Management of the supplier due-diligence process including creation of supplier due diligence assessments and a central repository for frequently asked questions
  • Lead and conduct Information Security risk assessments of suppliers and vendors.
  • Work with procurement and business units to ensure that suppliers and vendors comply with cyber security policies and standards.
  • Monitor suppliers and vendors for cyber security incidents and vulnerabilities
  • Develop and maintain metrics to measure the effectiveness of the supplier and vendor Information Security risk management program
  • Lead the completion of customer RFP and RFI due-diligence responses, working across multiple functions, including Sales, Product Development, Information Security and Information Systems, to collate applicable information
  • Manage customer audit requirements, co-ordinating requests and actions with other functional teams where required


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Testing

Graduate

Proficient

1

Basingstoke, United Kingdom