Accessibility Links

Information Security Consultant - Third Party Risk

  • Location: City of London
  • Salary: £450 - £500 per day - (Outside IR35)
  • Job type: Contract/Temp
  • Job reference: JEM / 172844
  • Sector: Cyber Security, Information Security
Job Description
Information Security Consultant required for market leading financial services firm who are undertaking an Information Security Third Party Risk programme. This role will mainly be focusing on leading the management of Third-Party Information Security Risk for the EMEA organisation. This includes performing the inherent risk ranking of all suppliers in relation to Information Security Risk, providing oversight and responsibility for the outsourced team completing remote and on-site assessments of higher risk third parties and prioritising reviews where appropriate. The role directly contributes to the Global and EMEA Information Security teams by providing metrics, maintaining a Third-Party Asset inventory and tracking both risk remediation and control compliance. 

You will also have the opportunity to be involved in a number of different high profile Information Security work streams with a broader focus on information security risk management, control assurance, policy governance and compliance.

The role and programme have been developed in the region and are now being used as the benchmark for Global Third-Party risk management. Part of the remit of this role will also be to develop and enhance the programme into an automated tool and align process and procedure with other functions to help streamline the broader scope of Vendor Management and onboarding.
 
Responsibilities:

Management and completion of inherent risk ranking of ALL suppliers in compliance with Third-Party Information Risk Management policy. This includes liaising with and working with the Global Third-Party team as well as Business relationship Owners.
Risk assessments and management of Cloud providers in accordance with the process set by the firm’s Global Cloud Governance Committee.
Identification, tracking and management of risks and control deficiencies relating to Third Parties, including liaising with the business owners to support remediation activities.
Maintenance and management of the Information Security Third Party Inventory and the Asset Control Register in co-ordination with the Enterprise Risk Management strategy and approach.
Management and oversight of the external resources performing Third Party assessments to ensure performance to SLA’s.
Reviewing information security policies, standards, guidelines, and baselines in place and being developed.
Contributing towards Security Awareness Training for the wider organisation and helping the business to improve understanding of and reduce Third Party risk to acceptable levels.
Assist with internal security reporting, including steering committees and updates for senior management. 
Management of Third-Party related information security projects.
Develop and enhance the programme, progressing currently identified and future improvements to make the function more effective and efficient. 
Provide support to the Head of CR&A and engage with the wider Information Security team.

As an ideal candidate, you will have an industry certification such as CISSP/ CISM/ CRISC and have expert knowledge in Information Security and Third-Party Risk Management. You will also have proven experience of independently leading information security third party risk programmes in previous roles. Experience within insurance or financial services is preferred. 
Similar jobs
Internal Penetration Tester
  • Location Manchester
  • Salary To £55,000 + benefits + bonus
  • Job type Permanent
  • Sector Commerce and Industry
  • Description Excellent opportunity for an experienced penetration tester to build PenTesting as an internal service for a global media company based in Manchester.
Senior Incident Response Consultant
  • Location UK Wide- Remote
  • Salary £70,000-85,000+Bens
  • Job type Permanent
  • Sector Cyber Security, Information Security
  • Description My client, a highly specialised security consultancy are seeking a hands on senior incident response consultant to join their function on a remote basis.
Cyber Incident Response Director
  • Location UK Wide- Remote
  • Salary £110,000 to £130,000+Bens
  • Job type Permanent
  • Sector Cyber Security, Information Security
  • Description My client, a well-known cyber security consultancy, are seeking to hire a director to help lead their incident response function.
Tech Optimisation Security Product Owner
  • Location London
  • Salary £70,000 - £80,000
  • Job type Permanent
  • Sector Cyber Security, Technology Risk
  • Description Working within the cloud centre of excellence team this role would be to own a selection of Tech Optimisation Security capabilities.
Related news