Information Security Consultant - Third party Risk

dunnhumby is the global leader in Customer Data Science, empowering businesses everywhere to compete and thrive in the modern data-driven economy. We always put the Customer First.

Our mission: to enable businesses to grow and reimagine themselves by becoming advocates and champions for their Customers. With deep heritage and expertise in retail – one of the world’s most competitive markets, with a deluge of multi-dimensional data – dunnhumby today enables businesses all over the world, across industries, to be Customer First.

dunnhumby employs nearly 2,500 experts in offices throughout Europe, Asia, Africa, and the Americas working for transformative, iconic brands such as Tesco, Coca-Cola, Meijer, Procter & Gamble and Metro.

Key Responsibilities

• Manage and assess a portfolio of third parties in-line with dunnnhumby’s Third Party Assurance framework and information security standards, ensuring each step is completed within SLA
• Work with third parties to review technical and governance controls and identify weaknesses / non-compliance as control gaps
• Track and manage gaps and risks both internal and at third parties through to remediation
• Maintain an up-to-date record of third parties that provide services to dunnhumby
• Assist in overseeing risk mitigations involving both third parties and internal stakeholders
• Validate risk rating of new and existing third parties through the Business Impact Assessments
• Support the continuous improvement of the Third Party Assurance and risk management processes
• Undertake third party site visits to validate the status of vendor controls
• Be the central point of contact for queries related to third party assurance
• Build and manage stakeholder relationships with the business and third parties
• Coordinate and deliver risk and metrics reporting, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of suppliers
• Provide an assurance and advisory role to dunnnhumby’s internal teams on the implications of IT and data security for dunnhumby
• Consult with internal technical teams relating to third party controls
• Monitor on-going compliance of suppliers within set schedules depending on their risk profile

Qualifications and Experience

• CISSP, CISA, CISM , Master’s degree or equivalent in Information Security
• Risk Management
• Experience with information security standards and risk frameworks such as NIST/ISO27000/ISO31000/PCI-DSS
• Information and Cyber Security best practices
• Stakeholder management
• IT Systems Auditing

What you can expect from us

We won’t just meet your expectations. We’ll defy them. So you’ll enjoy the comprehensive rewards package you’d expect from a leading technology company. But also, a degree of personal flexibility you might not expect.  Plus, thoughtful perks, like flexible working hours and your birthday off.

You’ll also benefit from an investment in cutting-edge technology that reflects our global ambition. But with a nimble, small-business feel that gives you the freedom to play, experiment and learn.

And we don’t just talk about diversity and inclusion. We live it every day – with thriving networks including dh Gender Equality Network, dh Proud, dh Family, dh One and dh Thrive as the living proof. Everyone’s invited.

Our approach to Flexible Working

At dunnhumby, we value and respect difference and are committed to building an inclusive culture by creating an environment where you can balance a successful career with your commitments and interests outside of work.

We believe that you will do your best at work if you have a work / life balance. Some roles lend themselves to flexible options more than others, so if this is important to you please raise this with your recruiter, as we are open to discussing agile working opportunities during the hiring process.

For further information about how we collect and use your personal information please see our Privacy Notice which can be found (here)