Group Cyber Third Party Assurance Programme Manager

Third-Party Assurance Manager

The Third-Party Assurance Manager will collaborate closely with and report into the Technology Risk team lead to develop and implement comprehensive risk management frameworks and artifacts for third party assurance and risk management. Your primary responsibility will be to oversee and manage the risk assessment and assurance processes for third-party technology vendors and partners. This role ensures that all third-party relationships comply with company policies, industry regulations, and cybersecurity best practices. The ideal candidate will have a strong background in cybersecurity, risk management, and vendor management. This role will require extensive interaction with business, procurement and compliance stakeholders, making strong communication and relationship-building skills essential, while giving the opportunity to learn about every aspect of the business.
 

Key Responsibilities

• Policy and Standards Development: Develop and maintain third-party cyber risk management policies, procedures, and guidelines in line with industry standards and regulatory requirements. Identify and recommend risk mitigation strategies and control enhancements, working closely with procurement/vendors to ensure compliance.
• Cyber Risk Assessment: Conduct thorough cyber risk assessments of third-party technology suppliers and partners to evaluate their risk exposure, security measures, and compliance with industry standards and regulations.
• Due Diligence: Perform due diligence on new and existing third-party technology relationships, including reviewing security policies, compliance documentation, contractual terms and technical controls.
• Monitoring and Reporting: Continuously monitor third-party technology activities and performance and provide regular reports to senior management on cyber risk status and mitigation efforts. Create and maintain comprehensive documentation of vendor assessments, risk profiles, and mitigation plans.
• Collaboration: Work closely with internal stakeholders, including IT, legal, procurement, and compliance teams, to ensure a comprehensive approach to third-party cyber risk management.
• Training and Awareness: Conduct training sessions and awareness programs for employees on third-party cyber risk management and compliance requirements.
• Incident Management: Lead investigations and response efforts for any cybersecurity incidents involving third-party technology vendors, ensuring timely resolution and documentation.
• Continuous Improvement: Stay up to date with industry trends and best practices in third-party risk management and identify opportunities for process improvements, implementing best practices to enhance the third-party cyber risk management program

Knowledge    

• Five years of experience in third-party risk management, including experience in creating assessment frameworks for all categories of suppliers (MSPs, SaaS, IaaS, PaaS, Professional Services etc.). 
• Strong understanding of technology risk management, information security, and regulatory compliance. 
• Excellent communication and interpersonal skills with the ability to effectively engage with business and procurement stakeholders. 
• Analytical mindset with the ability to assess complex supplier relationships and environments and identify potential risks. 
• Proven ability to work independently and collaboratively in a cross-functional team environment. 
• Strong organizational skills, attention to detail, and the ability to manage multiple tasks simultaneously. 
• Ability to work independently, under general guidance. 
• Strong analytical and problem-solving skills with ability to exercise mature judgement.
• Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively.  
• Experience with workflow automation tools, specifically Microsoft Power Apps and Power Automate.
• Experience working with SAP
• Fluent in spoken and written English

Qualifications/Education 

• Bachelor’s degree or equivalent experience in Information security/ technology, or Cyber Security or equivalent 
• An MSc Information Security/technology cyber security or equivalent would be an advantage. 

Certification 

• Information Security and/or Risk management certifications such as CRISC, CISM, CISA, CISSP, CTPRP etc. are preferred.