Supplier Cyber Risk Analyst

Islamabad, Islamabad Capital Territory, Pakistan

PMCL-JAZZ

Jazz offers personalized tariff plans that empower customers & cater to the communication needs of diverse individuals, businessmen & corporations

Grade Level: L1
Location: Islamabad
Last Date to Apply: 22 January 2025

What is a Supplier Cyber Risk Analyst?

A Supplier Cyber Risk Analyst is responsible for assessing and monitoring the cybersecurity risks posed by third-party vendors or suppliers, ensuring they comply with regulatory frameworks and international standards (ISO 27001, 27017, PCI DSS, NIST CSF, SOC 2 etc.), and collaborating with stakeholders to integrate suppliers into the organization’s cybersecurity program. This role focuses on building a robust third-party/supplier risk management framework, managing supplier-related incidents, ensuring continuous oversight of supplier security posture, and leveraging supplier monitoring tools to evaluate and monitor supplier risks.

The role helps to reduce the cyber risk posed by suppliers and to protect Jazz's information assets against possible attacks by threat actors via backdoors created by partners or suppliers.

The role reports directly to the Stream Head Cyber Security with an extended team of 10 team members.

What does a Supplier Cyber Risk Analyst do?

  • Develop, implement, and manage a Third-party/Supplier Risk Management (TPRM/SRM) framework aligned with industry standards and organizational requirements.
  • Conduct security risk assessments of suppliers and partners during onboarding and periodically.
  • Evaluate SOC 2 reports, security certifications, and compliance evidence provided by the partners/suppliers.
  • Maintain a risk register for all third-party vendors or suppliers and update it regularly with risk assessment findings.
  • Collaborate with internal stakeholders to manage supplier risks effectively.
  • Act as a liaison between internal teams and suppliers to ensure the implementation of robust security controls.
  • Collaborate with relevant stakeholders to include cybersecurity clauses in supplier contracts.
  • Analyse technical vulnerabilities in suppliers’ systems and applications to assess potential risks. Provide technical guidance and support in identifying, prioritizing, and addressing critical vulnerabilities.
  • Analyse penetration test reports and other due diligence documents.
  • Ensure suppliers’ compliance with applicable cybersecurity policies, procedures, and frameworks such as ISO 27001, NIST CSF, PCI DSS etc.
  • Coordinate with suppliers to implement necessary security controls and remediation measures.
  • Incorporate and engage suppliers into the organization’s cybersecurity incident management process.
  • Coordinate with suppliers during cybersecurity incidents, ensuring timely reporting and resolution.
  • Document and track supplier-related incidents, escalating critical issues to senior management.
  • Continuously monitor the cybersecurity posture of suppliers and fourth-party vendors through questionnaires or other monitoring tools, ensuring real-time updates on supplier risk profiles.
  • Conduct security audits of suppliers to verify the compliance status.
  • Prepare periodic risk reports for leadership, highlighting key supplier risks and recommended mitigations.
  • Conduct training for internal teams on third-party or supplier risk management processes and best practices.

Jazz is an equal opportunity employer. We celebrate, support, and thrive on diversity and are committed to creating an inclusive environment for all employees.

Requirements

What are we looking for and what does it take to be a Supplier Cyber Risk Analyst?

  • BS/MS in Information Security/Information Technology/Computer Science or related field.
  • 1-3 years of proven experience in third party or supplier risk management, cybersecurity assessments, cybersecurity consulting, cybersecurity GRC or related area.
  • Strong understanding of cybersecurity frameworks like ISO 27001, NIST CSF, PCI DSS, SOC 2, etc.
  • Strong understanding and knowledge of vendor or supplier risk management tools and methodologies.
  • Experience in reviewing SOC 2 reports.
  • Experience in conducting detailed security audits to verify supplier compliance.
  • Strong technical skills and knowledge to understand and evaluate technical vulnerabilities in suppliers’ systems/applications.
  • Relevant certifications, such as ISC2 CC and ISO 27001 Lead Auditor/Implementer, will be preferred.
  • Functional
      • Self-starter who needs little or no supervision.
      • Ability to organize, plan and document tasks.
      • Ability to manage internal & external stakeholders.
      • Good logical and analytical skills to help in the analysis of cyber security risks.
      • Strong analytical and problem-solving skills.
      • Excellent communication and presentation skills.
      • Ability to explain technical concepts to non-technical audiences.
      • Ability to manage multiple suppliers and prioritize tasks effectively.
  • Technical
      • In-depth knowledge of GRC concepts.
      • In-depth knowledge and hands-on experience of ISO 27001 and NIST CSF standards.
      • Strong security risk management skills.
      • In-depth knowledge and hands-on experience of security standards and compliance standards.
      • Knowledge of vulnerability assessment tools and cloud security platforms.
      • In-depth knowledge of cybersecurity regulations.
      • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
      • Skill in conducting trend analysis and reporting.
      • Strong skills in writing comprehensive audit and assessment reports, including actionable recommendations.
      • Understanding of incident response processes and integrating third-party vendors or suppliers.
      • Strong skills in analyzing and reporting supplier risk data using tools like Excel, PPT, or Power BI.

Benefits

As one of the leading employers in the country, Jazz epitomizes the philosophy that each Jazz employee is passionately living a better every day inspired and enabled by visionary leadership, a unique professional culture, a flourishing lifestyle, and continuous learning and development.

As one of the largest private sector organizations in Pakistan, our objective is to continue to change the lives of our 75 million customers for the better. This is an opportunity for someone who wants to be part of something transformative, someone who can play a critical role in driving our success. Together, we can empower millions more with the tools necessary to progress in an increasingly digital economy.

Tags: Audits Business Intelligence Cloud Compliance Computer Science Incident response ISO 27001 Monitoring NIST PCI DSS Risk assessment Risk management RMF SOC SOC 2 Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
Country: Pakistan
