Group Cyber - Third Party Assurance Analyst

Third-Party Assurance Analyst (Technology and Cyber Risk)

We are seeking a detail oriented and motivated Third-Party Assurance Analyst to support our Third-Party Assurance Manager in ensuring the security and compliance of our third-party technology suppliers. The Third-Party Assurance Analyst will collaborate closely with the Group Cyber team to develop and implement comprehensive risk management frameworks and artifacts for third party assurance and risk management. Your primary responsibility will be to assist in the risk assessment and assurance processes for third-party technology suppliers and partners. This role involves conducting detailed analyses, monitoring compliance with our standards, and supporting the implementation of assurance and risk management strategies. The ideal candidate will have an established understanding of cybersecurity, risk management, and vendor management. This role will require extensive interaction with business and procurement stakeholders, making strong communication and relationship-building skills essential.  

Key Responsibilities:

• Risk Assessment Support: Assist in conducting cyber risk assessments of third-party technology suppliers and partners to identify potential cybersecurity risks and vulnerabilities, evaluating their risk exposure, security measures, and compliance with industry standards and regulations. Identify and recommend risk mitigation strategies and control enhancements, working closely with the business and suppliers to ensure compliance.
• Standards and Procedure Adherence: Ensure adherence to third-party assurance policies, procedures, and standards in line with industry guidelines and regulatory requirements. Support the design, development, and implementation of risk assessment frameworks tailored for Ardagh’s suppliers.
• Due Diligence: Support the due diligence process for new and existing third-party technology relationships, including reviewing security policies, compliance documentation, and technical controls.
• Monitoring and Reporting:  Create and maintain comprehensive reports and documentation of supplier assessments, risk profiles, and mitigation plans. Help monitor third-party technology activities and performance and assist in preparing regular reports on cyber risk status and mitigation efforts. 
• Collaboration: Work closely with internal stakeholders, including IT, legal, procurement, and compliance teams, to support their needs and alignment with a comprehensive approach to third-party assurance.
• Training and Awareness: Assist in conducting training sessions and awareness programs for employees on third-party cyber risk management and compliance requirements.
• Incident Response: Support investigations and response efforts for any cybersecurity incidents involving third-party technology vendors, ensuring timely resolution and documentation.
• Continuous Improvement: Stay up to date with industry trends identify opportunities for process improvements and support the implementation of best practices to enhance the third-party cyber risk management program. 

Requirements:

• Minimum of 2 years of experience in cybersecurity, risk management, or vendor management, preferably within a technology-focused or regulated industry. 
• Strong understanding of technology risk management, information security, and regulatory compliance. 
• Excellent communication and interpersonal skills with the ability to effectively engage with business and procurement stakeholders. 
• Analytical mindset with the ability to assess complex vendor environments and identify potential risks. 
• Proven ability to work independently and collaboratively in a cross-functional team environment. 
• Strong organizational skills, attention to detail, and the ability to manage multiple tasks simultaneously. 
• Experience with workflow automation tools, specifically Microsoft Power Apps and Power Automate, is a plus.
• Relevant professional qualifications such as CompTIA, SSCP, CRISC, CISA, CISM, CISSP would be beneficial.