I am currently recruiting on behalf of a leading organisation within the Financial Services. They are looking for an Information Security Third Party Assurance Analyst on a permanent basis. The Information Security Third Party Assurance Analyst is a key role within the Operations team ensuring the on-going risks and threats to systems and information is mitigated and managed effectively.
Role: Information Security Third Party Assurance Analyst
Salary: £40,000 - £50,000 + fantastic professional development programme.
The successful candidate will be responsible for the day to day management of third party due diligence activities for assigned third parties. This will include the management of questionnaires, risk analysis and remediation, the creation, updating and accuracy of due diligence documentation and the reporting of risks to Information Security Management.
·Directly interface with vendor management and business owners to determine scope of information security due diligence requirements.
·Document and implement processes and procedures in relation to Third Party Information Security Assurance. Create assurance schedule to effectively monitor and report control effectiveness and business performance for managing third party risk.
·Review the information security third party due diligence questionnaire once completed by a third party.
·Report control deficiencies to the business owner to initiate and subsequently drive remediation. Manage escalation of issues associated with control deficiencies as required.
·Monitor metrics for third party performance and validate that data for business line and risk management reporting.
·Conduct desktop and/or on-site audits of third parties where required.
·Influence and drive continuous improvement in the area of Third Party Information Security Risk Management.
·Build strong relationships across business lines, technology and information security groups.
·Deep understanding of information security, risk management best practice, controls and risk mitigation.
·SME level expertise in respect of information security risk management processes, frameworks and procedures
·Management of third parties - especially offshore, internal business stakeholders and parallel work streams
·Significant understanding of outsource vendor governance and security management practices
·Deep understanding of information security management processes, practices and technical countermeasures.
·Information security delivery expertise within a multi-stakeholder environment with a demonstrable ability to negotiate compromise and gain stakeholder buy in.
·Needs to understand legal requirements of the Data Protection Act and associated regulatory requirements.
The post holder will be required to demonstrate a minimum two years experience and possess or working towards: CISSP, CISM, CISA, ISO 27001 implementer/Lead auditor.