As the Lead for Supply Chain Security Assurance, you will have a keen attention to detail and an ability to grasp the broader context in which you operate. Effective communication with a diverse group of stakeholders is essential, requiring strong interpersonal skills. Your primary responsibility will be to enhance the Supply Chain Security Assurance Capability, playing a pivotal role in safeguarding the organisation and facilitating well-informed security-related business decisions across the enterprise.
In this position, you will instil confidence in the Board, Commercial Directorate, and Owners by ensuring that the organisation's Supply Chain implements and continuously oversee effective security controls.
Key accountabilities:
- Develop, lead and shape the Supply Chain Security Risk and Assurance Functions taking accountability for service delivery and enabling an effective, visible and respected supplier security service (including but not limited to: production of Security Aspects Letters, Supplier Security Questionnaires and Assessments, Security Assessment Reports).
- Build long term internal and external strategic relationships and influence stakeholders and relationships effectively to gain support for security risk and assurance.
- Clearly define priorities and reflect in measurable team objectives.
- Continue to iterate the service to ensure the organisation continues to meet end user needs stakeholder requirements and align to wider organisational risk and control assessment practices
- Lead by example, visibly and confidently engaging colleagues and stakeholders to support and deliver effective Supply Chain Security Assurance.
- Drive innovation, empowering team members to take responsibility for removing inefficiencies, driving costs down and improving services, sharing suggestions for process improvement so good practice is shared and standardised
- Provide input at senior governance levels, ensuring security outcomes are fully understood and considered
- Lead Supply Chain Security risk and assurance activities, research, evaluation and interpretation of evidence providing a holistic and robust opinion on the security posture of people, processes, and technology.
- Provide input to Senior Managers in respect of business cases for security investments.
- Work with Security colleagues to identify and assess existing/new threats (threat actor and vectors) and security alerts and provide assurance against current state of controls relevant to Supply Chain stakeholders.
Key requirements:
- Proven experience of interacting with senior leaders on security risk/assurance topics to present, escalate and influence decision making.
- Strategic with proven leadership experience. Can demonstrate the ability to engage, negotiate, and communicate easily and confidently with people at all levels.
- A comprehensive technical understanding of Security and Risk Management processes and controls.
- An effective decision maker, who utilises evidence, available data and experience to provide clear, accurate and professional decisions.
- The ability to thrive in a challenging environment, working to tight deadlines while prioritising a large and varied workload.
Desirable:
- CISM, CRISC, CISSP, CISA, CGEIT, ISO27001 Lead Auditor.
- Experience of security management and analysis
- Good understanding of security controls (technical, procedural, personnel and physical)
- Good understanding of security monitoring and testing processes
- Good technical knowledge of applications and architectures
- Good knowledge of third party Security Assurance methods and deliverables
- Strong understanding of the NIST Cyber Security Framework
- Experience of information security management systems and risk assessment methodologies
Beneficial Technologies:
- Microsoft Visio, Atlassian Jira / Confluence, Standard Microsoft Office applications (PowerPoint, Word, Excel, Outlook)
- Broad understanding of a wide range of industry standard IT technologies across Business, Data, Application, Technology, and associated security risks.
If you consider yourself to have a disability or if you are a veteran, and you meet the essential criteria for the role, you will be put forward for the ‘Guaranteed Interview’ scheme whereby you will have the opportunity to discuss this role and your suitability with a member of the Sourcing team.
If you are successful in securing this role, please note that for the entire duration of this contract, regardless of extension you will be working this role at the equivalent PAYE rate that has been advertised. For absolute clarity, we only work on a PAYE basis. If you wish to understand PAYE vs Umbrella more, please let us know and we can send you some additional information.