Talenza have been engaged by a multinational business with its HQ in Sydney to find a Cyber Risk Analyst - Vendor and Third Party Risk.
This is a 6-month contract commencing 28th February.
My client is looking for an experienced cyber security solution specialist with third-party vendor risk experience. The complexity of our supply chain calls for an experienced cyber professional to run our existing vendor risk management service as part of the Cyber Security GRC team and improve on the service we are already providing.
They use third-party tools and services that provide external posture scoring of our potential vendors. This role will manage the process of assessing the vendors in the context of the solutions and services they provide and manage the end-to-end process of risk identification and management. This role is closely tied in with the IT procurement process, supply chain processes and cyber risk.
You will report to the Global Cyber GRC Manager and have responsibility for the effective management of cyber security third party vendor service management across their
You will be required to monitor and analyse performance of our vendors to ensure contractual service levels are achieved, risk is monitored and mitigated commensurate with our risk appetite and the service/solution they are providing.
Successful candidates should have a broad range of expertise across cyber security. We are looking for a dynamic and motivated candidate with strong experience in IT and vendor risk management.
- Assist in conducting security solutions risk analysis for various areas of the business to enable sound cyber risk management
- Assessing operational effectiveness of various IT and other operational systems and/or processes used by different areas of the business.
- Supporting cross-functional teams with projects relating to cyber security and vendor risk management.
- Demonstrate a thorough understanding of information systems
- Provide implementation, timing and response advice to leadership on vendor risk remediation actions
- Liaising with security vendors, suppliers, service providers
- Vendor service management
- Vendor governance and tracking, primary contact for a managed service
- Regular reviews making sure service is effective
- Internal stakeholder management
- Manage issues/risks/dependencies
- Monitor and analyse performance of vendors to ensure contractual service levels (SLAs) are achieved
- Coordinate vendor on-boarding and off-boarding activities internally
- Oversee and facilitate the interaction between vendors and internal stakeholders to deliver changes to technology, process and contractual terms
- Project manage transition of or change to services provided by the vendor
- Identify opportunities for improvements in vendor engagement, processes and products and liaise with internal stakeholders to deliver these improvements
- Provide relevant, accurate and timely reporting on vendor performance in risk mitigation and external posture
- Conduct meetings and perform regular audits and compliance checks
- Assist in developing policies and procedures, as required
- Relationship building and stakeholder engagement
- Manage third party risks effectively and efficiently
Knowledge, Skills & Experience
- Demonstrated knowledge of information security concepts, risk and controls concepts
- Understanding of regulatory requirements for managing risk
- Knowledge of incident management, disaster recovery and business continuity management
- Progress towards or completion of certifications is highly desirable e.g. CISSP, CISM, CCSP, CISA, OSCP, CEH, Security+, ServiceNow Risk and Compliance Implementation Specialist
- Experience in performing security threat and risk assessments and delivering projects relating to security strategy, governance, security architecture and capability improvement
- Technical experience in relation to cloud security, end point security, identity and access management or data protection will be strongly regarded
- Ability to work as part of a global team across multiple countries, cultures and time-zones
- Excellent written and verbal communications skills and the ability to clearly articulate complex security concepts to a broad and diverse audience
- Experience within IT software and Infrastructure
- Good oral and written communication skills
- Knowledge of IT software and infrastructure
- Strong project and time management skills.
- Continuous vigilance and proactive action
- The ability to adapt and operate in a fast-paced and changing environment
- Good attention to detail, tracking and reporting skills
- Good stakeholder management
- Experience managing third party vendors
- Understanding of the current threat landscape, response, and mitigation strategies used in cyber security.
One or more of the following certifications is preferred:
- 3-5 years of significant experience within IT service management
- Tertiary qualification in IT, Business or similar
- Good understanding of governance framework and process
- Familiar and confident around ITIL processes