Third Party Security Lead
Ireland
Monument Re Group
About the role
Reporting to the Information Security Manager, the Third-Party Security Lead plays an important role in assuring the security of Monument Re’s assets stored, accessed or processed by third party suppliers and outsourcing partners. The role-holder will possess a good understanding of security controls, risk management, and operational security practices and have experience of assuring external entities comply with required security standards and regulatory requirements.
Responsibilities
Third-Party Risk Management
- Lead the assessment, onboarding and continuous monitoring of third-party vendors and outsourcers.
- Maintain and improve the Monument Re third-party risk management framework aligned with industry standards such as ISO27001 and regulatory requirements such as DORA.
- Document, manage and track third-party risks on the information security risk register and report key risk indicators (KRIs) and metrics as part of periodic management reporting.
- Act as the primary point of contact for all third-party security matters and be the subject matter expert (SME), offering guidance and training to internal teams on third-party best practice.
- Working in partnership with the Group Vendor Management (GVM) team, support the security vetting as part of the due diligence during vendor selection as well as periodic assessments and reviews once third-parties are onboarded.
- Conduct both on-site and remote security assessments and audits where required; this includes vendors located in all the regions where Monument Re operate.
- Evaluate vendor responses to security questionnaires and audit/assessment results and work with GVM and third-party relationship holders to quantify, manage and track risk.
- Configure and operate third-party monitoring systems to immediately highlight issues and risks.
- Work with Monument Re’s technical teams and security suppliers to conduct technical security testing on third-party vendors as needed.
- Collaborate with the Legal, Compliance and GVM teams to embed appropriate security clauses in contracts.
- Cross-train and act as a backup to colleagues in the GRC team within Information Security.
Digital Operational Resilience Act (DORA)
- Ensure Monument Re maintain compliance with all DORA-driven requirements and support the reporting and resolution of any security incidents and breaches at third-parties.
Role Requirements
- Minimum of 3 years' experience in a similar role in third-party or outsourced security assurance.
- Strong experience of working in a regulated environment, ideally financial services, where third-party vendors were required to conform to high security standards.
- Ideally experience of the technical aspects of security as well as governance, risk and compliance.
- Experience of planning and delivering third-party assessments and audits, working with external partners to agree the remediation action plans and tracking progress through to close of findings.
- Experience with working in partnership with vendor management and procurement functions.
- A thorough understanding of DORA and the regulatory requirements for managing third-party risk.
- Ability to work independently and think proactively.
- Ability to deliver results through collaboration and influencing of internal and external stakeholders.
- Ability to effectively communicate with all stakeholders, explain third-party risk and advocate for the implementation of required security controls across third-party and outsourced vendor landscapes.
- Experience of representing the information security function in management forums and periodic vendor review meetings to report on and articulate third-party risk as well as make recommendations to mitigate or close these risks.
- Good interpersonal, written and verbal communication and engagement skills with experience of engaging with all levels of employees and external partners.
- Must have high attention to detail; be a self-starter and able to prioritize in a fast-moving, high-pressure, constantly changing environment; high sense of urgency.
- Be energetic and passionate, with a positive attitude.
- Holder of relevant security certifications (ISC2, ISACA etc.) or equivalent training/experience.
- Excellent English language skills. French language skills a plus.
- Periodic overseas travel will be required to deliver on-site assessments and audits.
Location
Dublin, Ireland.
Hybrid.
Closing Date
30th June 2025
Equal Opportunities Statement
Monument is an equal opportunities employer.
Email:
careers@monumentregroup.com