Accessibility Links

Information Security Consultant - Third Party Risk

  • Location: City of London
  • Salary: £450 - £500 per day - (Outside IR35)
  • Job type: Contract/Temp
  • Job reference: JEM / 172844
  • Sector: Cyber Security, Information Security
Job Description
Information Security Consultant required for market leading financial services firm who are undertaking an Information Security Third Party Risk programme. This role will mainly be focusing on leading the management of Third-Party Information Security Risk for the EMEA organisation. This includes performing the inherent risk ranking of all suppliers in relation to Information Security Risk, providing oversight and responsibility for the outsourced team completing remote and on-site assessments of higher risk third parties and prioritising reviews where appropriate. The role directly contributes to the Global and EMEA Information Security teams by providing metrics, maintaining a Third-Party Asset inventory and tracking both risk remediation and control compliance. 

You will also have the opportunity to be involved in a number of different high profile Information Security work streams with a broader focus on information security risk management, control assurance, policy governance and compliance.

The role and programme have been developed in the region and are now being used as the benchmark for Global Third-Party risk management. Part of the remit of this role will also be to develop and enhance the programme into an automated tool and align process and procedure with other functions to help streamline the broader scope of Vendor Management and onboarding.
 
Responsibilities:

Management and completion of inherent risk ranking of ALL suppliers in compliance with Third-Party Information Risk Management policy. This includes liaising with and working with the Global Third-Party team as well as Business relationship Owners.
Risk assessments and management of Cloud providers in accordance with the process set by the firm’s Global Cloud Governance Committee.
Identification, tracking and management of risks and control deficiencies relating to Third Parties, including liaising with the business owners to support remediation activities.
Maintenance and management of the Information Security Third Party Inventory and the Asset Control Register in co-ordination with the Enterprise Risk Management strategy and approach.
Management and oversight of the external resources performing Third Party assessments to ensure performance to SLA’s.
Reviewing information security policies, standards, guidelines, and baselines in place and being developed.
Contributing towards Security Awareness Training for the wider organisation and helping the business to improve understanding of and reduce Third Party risk to acceptable levels.
Assist with internal security reporting, including steering committees and updates for senior management. 
Management of Third-Party related information security projects.
Develop and enhance the programme, progressing currently identified and future improvements to make the function more effective and efficient. 
Provide support to the Head of CR&A and engage with the wider Information Security team.

As an ideal candidate, you will have an industry certification such as CISSP/ CISM/ CRISC and have expert knowledge in Information Security and Third-Party Risk Management. You will also have proven experience of independently leading information security third party risk programmes in previous roles. Experience within insurance or financial services is preferred. 
Similar jobs
Security Operations Consultant - Playbooks
  • Location Remote
  • Salary £400 per day (outside IR35)
  • Job type Contract/Temp
  • Sector Cyber Security, Information Security , Interim
  • Description Security Operations Consultant – 3-Month Contract – Remote   My client, a multinational insurance firm, are recruiting a 3-month contract for a Security Operations Consultant
Application Security Engineer
  • Location Remote
  • Salary To £100,000 + benefits
  • Job type Permanent
  • Sector Commerce and Industry
  • Description Fully remote Application Security Engineer opportunity to lead the AppSec function in this growing global tech company.
Lead Cloud Security Engineer
  • Location South East of England
  • Salary £85-95,000 + excellent cash benefits
  • Job type Permanent
  • Sector Commerce and Industry
  • Description Opportunity to join a FTSE100 company as a Lead Cloud Security Engineer.
Lead DevOps Security Engineer
  • Location South East of England
  • Salary £85-95,000 + excellent cash benefits
  • Job type Permanent
  • Sector Commerce and Industry
  • Description Opportunity to join the growing Security Engineering team at this FTSE100 firm, working partly from home and partly in their Surrey office.
Related news