Supply Chain Security Assurance Lead - Cyber Security

Hybrid working in Glasgow - 2 days per week minimum - Candidates must live within a commutable distance

As the Lead for Supply Chain Security Assurance your primary responsibility will be to enhance the Supply Chain Security Assurance Capability, playing a pivotal role in safeguarding the organisation and facilitating well-informed security-related business decisions across the enterprise. You will instil confidence in the Board, Commercial Directorate, and Owners by ensuring that the organisation's Supply Chain implements and continuously oversee effective security controls

Key accountabilities:

• Develop, lead and shape the Supply Chain Security Risk and Assurance Functions
• Take accountability for service delivery and a respected supplier security service (including but not limited to production of Security Aspects Letters, Supplier Security Questionnaires and Assessments, Security Assessment Reports).
• Build long term internal and external strategic relationships and influence stakeholders and relationships effectively to gain support for security risk and assurance.
• Drive innovation, empowering team members to take responsibility for removing inefficiencies, driving costs down and improving services, sharing suggestions for process improvement so good practice is shared and standardised
• Provide input at senior governance levels, ensuring security outcomes are fully understood and considered
• Lead Supply Chain Security risk and assurance activities, research, evaluation and interpretation of evidence
• Provide input to Senior Managers in respect of business cases for security investments.
• Work with Security colleagues to identify and assess existing/new threats (threat actor and vectors) and security alerts.

Key requirements:

• Proven experience of interacting with senior leaders on security risk/assurance topics to present, escalate and influence decision making.
• A comprehensive technical understanding of Security and Risk Management processes and controls.
• An effective decision maker, who utilises evidence, available data and experience to provide clear, accurate and professional decisions.
• The ability to thrive in a challenging environment, working to tight deadlines while prioritising a large and varied workload.

Desirable:

• CISM, CRISC, CISSP, CISA, CGEIT, ISO27001 Lead Auditor.
• Experience of security management and analysis
• Good understanding of security controls (technical, procedural, personnel and physical)
• Good understanding of security monitoring and testing processes
• Good technical knowledge of applications and architectures
• Good knowledge of third party Security Assurance methods and deliverables
• Strong understanding of the NIST Cyber Security Framework
• Experience of information security management systems and risk assessment methodologies

If you consider yourself to have a disability or if you are a veteran, and you meet the essential criteria for the role, you will be put forward for the Guaranteed Interview' scheme whereby you will have the opportunity to discuss this role and your suitability with a member of the Sourcing team.

If you are successful in securing this role, please note that for the entire duration of this contract, regardless of extension you will be working this role at the equivalent PAYE rate that has been advertised. For absolute clarity, we only work on a PAYE basis. If you wish to understand PAYE vs Umbrella more, please let us know and we can send you some additional information.

As an Equal Opportunities Employer, we provide the best talent and encourage all applications regardless of background, in line with our commitment to diversity, equality and inclusion.