Business Unit / Team: Technology Operations & Cyber Security (TOCS) - Cyber Cluster/Third Party Security team
Salary range: GBP65,000 - 70,000 DOE + red-hot benefits
Live to challenge the status quo. Live a life more Virgin.
Our Team
As a Third-Party Security Team Lead, you will become part of the dynamic Third-Party Security Team within the Technology Operations & Cyber Security (TOCS) - Cyber Cluster. The Cyber landscape is constantly evolving, and with this so too are security threats and risks. You will have an important role in keeping the Bank safe and protecting the confidentiality, integrity and availability of our data through assessing all Third-Party relationships and services and providing Cyber risk expertise to Business and Technical stakeholders at all levels. You will take a leading role in ensuring that Third Party security controls are delivered in line with business risk appetite.
If you like a fast-paced role that will challenge you, then you may have just found it! We're looking for self-motivated enthusiastic individuals, who have a real passion for cyber security, and are ready to make a real difference to a successful team.
What you'll be doing
- Leading Third Party transformation activities to automate and enhance team processes
- Understanding the scope of services being procured by colleagues across the business and identifying where Third Parties will be accessing, processing, storing or transmitting confidential/sensitive Virgin Money (VM) information
- Carrying out comprehensive assessments of Third Party Vendors and their control environments to ensure there are no control deficiencies that could negatively impact the confidentiality, availability and integrity of VM data
- Making recommendations against Third Party Security risks that may sit outside of VM's risk appetite and ensuring timely remediation
- Ensuring security language is agreed in all contracts to hold third parties accountable for maintaining a high level of security
- Carrying out Third Party onsite assurance audits for highest risk Third Parties to validate that controls continue to operate effectively
- Executing offboarding activities for any Third Party services that are being terminated ensuring information, data and assets are retrieved
- Reporting on Third Party Security metrics to demonstrate that targets are on track as well as identifying areas that require attention
We need you to have
- Extensive experience of working in Third Party Security risk/assurance/audit roles.
- Experience in leading change and delivering 3rd party/Supply chain security transformation activities covering people, process and technology
- Experience in driving Inclusion, treating people as individuals, listening, empathising, and involving them.
- Experience of assessing Third Party security practices, identifying control weaknesses, making recommendations for improvement and managing remediation activities
- Experience of carrying out Onsite 3rd Party Audits/Control testing activities
- Experience of negotiating Information Security contract language and clauses
- Experience of Cybersecurity frameworks e.g. ISO27001, SOC2, NIST
- Understanding of Cloud Models & Security - IaaS/PaaS/SaaS, Data protection, Network Security, Identity & Access management, compliance & auditing
It's a bonus, but not essential, if you have
- Experience in using Third Party Security Intelligence platforms such as Security Scorecard, Recorded Future, Prevalent etc.
- Experience in supporting 3rd Party Information Security Incidents
- Knowledge and understanding of Microsoft technology - Microsoft Azure, Microsoft Defender, Azure Sentinel, PowerBI.
Red Hot Rewards
- Generous holidays - 38.5 days annual leave (including bank holidays and prorated if Part-Time) plus the option to buy more
- Up to five extra paid well-being days per year
- 20 weeks paid, gender-neutral family leave (52 weeks in total) for expectant parents and those looking to adopt
- Market-leading pension
- Free private medical cover, income protection and life assurance
- Flexible benefits include Cycle to Work, wellness and health assessments, and critical illness
- Ability to work anywhere in the UK (where the role allows)