Third Party Security Specialist (Fixed Term Contract)

Kuala Lumpur - Wisma Guocoland, Malaysia

dentsu

We are dentsu. A group of optimists, visionaries and pioneers. In a constantly changing world, we help brands grow, transform and develop their business responsibly.


Job Description:

Dentsu is the network designed for what’s next, helping clients predict and plan for disruptive future opportunities and create new paths to growth in the sustainable economy. Taking a people-centered approach to business transformation, we use insights to connect brand, content, commerce and experience, underpinned by modern creativity.

Dentsu Security are responsible for the scope and delivery of both cyber security and business continuity activities that cover every one of our dentsu offices located across 145 countries globally. 

Joining our Technology & Security Governance, Risk & Compliance function, you will be reporting directly to the Head of Third Party Security, performing a key role within an expanding Global Third Party Security team. The successful candidate will build upon their existing information security and/or third party risk management experience supporting the Third Party Security function in establishing relationships with both internal stakeholders and suppliers across the global network to ensure that third parties are assessed, on-boarded, monitored and off-boarded with appropriate due diligence.

Responsibilities 

  • Conduct security risk and control assessments against technology and business third parties – at a global, service line and market level. 

  • Develop relationships with business third party relationship owners through onboarding processes. 

  • Engage directly with suppliers through onboarding processes and as required through continuous monitoring. 

  • Track control remediation to ensure third parties respond and deliver within the agreed timeframes. 

  • Collaborate with key third party risk management stakeholders including procurement, legal, and data privacy functions. 

  • Conduct or co-ordinate on-site assurance audits for the highest risk third parties. 

  • Maintain risk and control assessment schedules using the enterprise strategic Vendor Risk Management platform (SureCloud). 

  • Support internal TPSA activities and drive improvement of existing processes. 

  • Engage proactively with relevant stakeholder cross-dependencies (BIAs, DPIAs). 

  • Develop and maintain reporting to effectively monitor and measure control effectiveness and business performance for managing third party risk. 

  • Ensure processes and procedures are documented and reviewed on a continual basis. 

  • Support and influence continuous improvement across third party security and the wider Security team including GRC, Cyber Security, Client Security, Security Architecture and Security Programme teams. 

Candidate Profile 

  • Experience of security compliance initiatives within an enterprise technology environment such as ISO27001, NIST, CIS, PCI DSS, Cyber Essentials. 

  • Knowledge of all domains within security covering people, process and technology. 

  • Experience of third party security risk management and assurance within a medium or large-sized organisation. 

  • Experience in third party risk and control assessment for IaaS, PaaS, SaaS cloud service providers. 

  • Ability to explain complex technical concepts to non-technical audiences. 

  • Experienced with IT assurance functions and auditing techniques. 

  • Experience of Data Flow Mapping, Security Architecture, Cloud API Integrations (desirable). 

  • Experience of Cyber Security Rating Platforms (desirable). 

  • Experience in using Vendor Risk Management assessment platforms (desirable). 

  • Experience in developing and administering SharePoint environments preferable (experience in using SharePoint ‘Document Sets’ would be ideal). 

  • Experience in using Microsoft Excel, Microsoft Flow, Microsoft Forms, Microsoft Power BI. 

  • Demonstrably self-motivated, proactive and action-oriented in meeting deadlines. 

  • Interest in their own personal development within both TPSA and other Security functions. 

  • Achieved or working towards an information security qualification (CISSP, CISM, CISA, CRISC) (desirable). 

  • Proactive development of trending knowledge and skills within the information security community. 


Location:

Kuala Lumpur

Brand:

Global Functions

Time Type:

Full time

Contract Type:

Fixed Term Contract (Fixed Term)


Tags: APIs Audits CISA CISM CISSP Cloud Compliance CRISC Governance IaaS ISO 27001 Monitoring NIST PaaS PCI DSS Privacy Risk management SaaS SharePoint

Perks/benefits: Career development

Region: Asia/Pacific
Country: Malaysia
