Address
Form of work
Salary3rd Party Cyber Risk Manager
Banking
Hybrid: 2-3 days per week in Central London
6 months+ (long term)
£600 - £640 per day
In short:Cyber Risk Manager required to assess and remediate 3rd Party suppliers for a banking client.
In full:
Purpose
- Support the due diligence function.
- Maintain and update the standards and procedures for identity and access management within EMEA.
- Collate and produce reports providing evidence for senior management that all key risks are identified, mitigated, and monitored.
Background
This role forms a key part of the Security Governance Team, supporting the Head of Security GRC and leading the tactical delivery of Security due dilligence and risk posture on critical third party population.
Responsibilities
- Review and validation of in scope assessments on critical Third-Party list
- Mapping of ICT third party providers (in accordance with DORA requirements)
- Completion of Inherent risk assessment for critical TP list
- Completion of due diligence on all critical third-party providers in scope
- Completion of residual assessment and informing on risk posture following controls assessment
- Act as anSME for security and resilience on theEMEA wide risk forum.
- Responsible for the delivery of security risk due diligence
- Responsible for the delivery of security controls relevant to risk, identified through assessments and BAU. remediation actions Deliver security & resilience due diligence to EMEA critical third-party provider population
- Responsible for Lead reviewing security and resilience due diligence response outcomes from the wider programme of work.
Experience required
- Lead experience defining third party due diligence programs.
- Lead experience delivering third party due diligence, analysing responses and providing risk posture
- Risk management techniques such as risk identification, risk evaluation, control mapping and mitigation tracking
- Performance management techniques including developing and maintaining KPIs (and KRIs) and appropriate tolerances.
- In depth knowledge of third-party regulations across UK and EU such as EBA, DORA and standards is expected.
- Working with Information and Cyber Risk Frameworks and Standards (e.g., NIST / ISO27001) as well as Regulatory frameworks (e.g., Bank of England FCA/PRA, EU).
- Stakeholder management, including working with diverse teams in EMEA, North America, Ireland and Japan
Candidates will ideally show evidence of the above in their CV in order to be considered.
Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.
