Job Description Third-Party Information Risk Analyst - Contract to Permanent
I'm currently working with one of the largest global Insurance company on a Third-Party Information Risk Analyst. My client is looking for someon to join their regional team to provide Third Party Information Risk Management governance, assessment, and related activities.
This is a 1 year extendable / convertible to permanent contract role.
About the role:
This resourcing requirement is responsible for supporting the management of Third-Party Information Security Risk for the APAC organisation. This includes performing the inherent risk ranking of all suppliers in relation to Information Security Risk, providing oversight and responsibility for the outsourced team completing remote and on-site assessments of higher risk third parties and prioritising reviews where appropriate.
The role directly contributes to the regional Information Security teams by providing metrics, maintaining a Third-Party Asset inventory, and tracking both risk remediation and control compliance.
Roles and Responsibility:
Act as the regional lead within the clients team and Cloud Governance Committee
Independently executed information security due diligence on third parties including cloud technology implementations
Understanding complex technology and line of business projects, identifying, and analysing complex security issues, and providing sound guidance to stakeholders to mitigate risk
Lead and be involved in discussions with stakeholders to understand inherent information security risks presented by technology or business
Lead and be involved discussions with stakeholders to understand inherent information security risks presented by technology or business projects involving third parties s projects involving third parties
Liaised with procurement, legal, and third parties to formalize, review, and negotiate information security requirements in agreements within the APAC region
Represent APAC region and work with Global Third-Party Risk Management team on the vendor backlog project to identify the existing high-risk vendors
Collaborated with Global team to align the work plan to rollout the new Third-Party Risk Management process
High level of business acumen, preferably in a regulated/financial industry
4+ years of information security experience with a focus on risk assessments and controls, governance, risk management, program development, compliance, and/or auditing.
Previous experience of supporting or managing a Third-Party risk assessment programme is essential
Strong risk-based analysis and decision-making skills
Experience interpreting and applying information security standards and frameworks or attestation reports
Experience reviewing, and redlining agreements
If this sounds like a role you would like to apply for, please send across your latest resume to email@example.com with the below details for a confidential discussion.