Address
Form of work
SalaryIT Security TPRM Lead
This is a great role to support the TPRM due diligence function plus maintain and update the standards and procedures for identity and access management for a prestigious global financial services institution.
This role will involve:
Review and validation of in scope assessments on critical Third-Party list
Mapping of ICT third party providers (in accordance with DORA requirements)
Completion of Inherent risk assessment for critical TP list
Completion of due diligence on all critical third-party providers in scope
Completion of residual assessment and informing on risk posture following controls assessment
Act as an SME for security and resilience on the EMEA wide TPRM forum.
Be responsible for the delivery of security TPRM due diligence
Be responsible for the delivery of security controls relevant to TPRM, identified through assessments and BAU. remediation actions Deliver security & resilience due diligence to EMEA critical third-party provider population
Responsible for Lead reviewing security and resilience due diligence response outcomes from the wider TPM programme of work.
To be considered for the role you will require the following:
Lead experience defining third party due diligence programs.
Lead experience delivering third party due diligence, analysing responses and providing risk posture
Risk management techniques such as risk identification, risk evaluation, control mapping and mitigation tracking
Performance management techniques including developing and maintaining KPIs (and KRIs) and appropriate tolerances.
In depth knowledge of third-party regulations across UK and EU such as EBA, DORA and standards is expected.
Working with Information and Cyber Risk Frameworks and Standards (eg, NIST/ISO27001) as well as Regulatory frameworks (eg, Bank of England FCA/PRA, EU).
Stakeholder management, including working with diverse teams in EMEA, North America, Ireland and Japan
Keywords: third, party, risk, management, manager, cyber, security, dora, nist, iso, iso(phone number removed), analyst, consultant, engineer, manager, lead, leader
