Third-Party Security Team Lead

Live to challenge the status quo. Live a life more Virgin.Our Team As a Third-Party Security Team Lead, you will become part of the dynamic Third-Party Security Team within the Technology Operations & Cyber Security (TOCS) - Cyber Cluster. The Cyber landscape is constantly evolving, and with this so too are security threats and risks. You will have an important role in keeping the Bank safe and protecting the confidentiality, integrity and availability of our data through assessing all Third-Party relationships and services and providing Cyber risk expertise to Business and Technical stakeholders at all levels. You will take a leading role in ensuring that Third Party security controls are delivered in line with business risk appetite.If you like a fast-paced role that will challenge you, then you may have just found it! We're looking for self-motivated enthusiastic individuals, who have a real passion for cyber security, and are ready to make a real difference to a successful team.What you'll be doing

• Leading Third Party transformation activities to automate and enhance team processes
• Understanding the scope of services being procured by colleagues across the business and identifying where Third Parties will be accessing, processing, storing or transmitting confidential/sensitive Virgin Money (VM) information
• Carrying out comprehensive assessments of Third Party Vendors and their control environments to ensure there are no control deficiencies that could negatively impact the confidentiality, availability and integrity of VM data
• Making recommendations against Third Party Security risks that may sit outside of VM's risk appetite and ensuring timely remediation
• Ensuring security language is agreed in all contracts to hold third parties accountable for maintaining a high level of security
• Carrying out Third Party onsite assurance audits for highest risk Third Parties to validate that controls continue to operate effectively
• Executing offboarding activities for any Third Party services that are being terminated ensuring information, data and assets are retrieved
• Reporting on Third Party Security metrics to demonstrate that targets are on track as well as identifying areas that require attention

We need you to have

• Extensive experience of working in Third Party Security risk/assurance/audit roles.
• Experience in leading change and delivering 3rd party/Supply chain security transformation activities covering people, process and technology
• Experience in driving Inclusion, treating people as individuals, listening, empathising, and involving them.
• Experience of assessing Third Party security practices, identifying control weaknesses, making recommendations for improvement and managing remediation activities
• Experience of carrying out Onsite 3rd Party Audits/Control testing activities
• Experience of negotiating Information Security contract language and clauses
• Experience of Cybersecurity frameworks e.g. ISO27001, SOC2, NIST
• Understanding of Cloud Models & Security - IaaS/PaaS/SaaS, Data protection, Network Security, Identity & Access management, compliance & auditing

It's a bonus if you have but not essential

• Experience in using Third Party Security Intelligence platforms using tools such as Security Scorecard, Recorded Future, Prevalent etc.
• Experience in supporting 3rd Party Information Security Incidents
• Knowledge and understanding of Microsoft technology - Microsoft Azure, Microsoft Defender, Azure Sentinel, PowerBI.

Red Hot Rewards

• Generous holidays - 38.5 days annual leave (including bank holidays and prorated if Part-Time) plus the option to buy more
• Up to five extra paid well-being days per year
• 20 weeks paid, gender-neutral family leave (52 weeks in total) for expectant parents and those looking to adopt
• Market-leading pension
• Free private medical cover, income protection and life assurance
• Flexible benefits include Cycle to Work, wellness and health assessments, and critical illness
• Ability to work anywhere in the UK (where the role allows)

Feeling insatiably curious about this role? Apply as soon as you can. If we're lucky to receive a lot of interest, we may close the advert early and would hate you to miss out.We're all about helping you Live a Life More Virgin, so happy to talk flexible working with you.Say hello to Virgin MoneyWe're making great strides towards achieving our ambition of becoming the UK's best digital bank. As a full-service digital bank with a heritage stretching back over 180 years, we re a workforce to be reckoned with. We're putting the full power of our experience behind disruptive ideas that reinvent the role a bank plays in people's lives. We strive to create positive experiences for our millions of customers and our purpose, 'Making You Happier About Money', underpins everything we do. We believe in doing banking differently, innovating and working together to make a real difference. Join us and Live a Life More Virgin that empowers you with choice and flexibility in how you work.Be yourself at Virgin MoneyWe're committed to creating an inclusive culture where colleagues feel safe and inspired to contribute, speak up and be heard. As a Disability Confident Leader, we're committed to removing any obstacles to inclusion. If you need any reasonable adjustments or support making your application, contact our Talent Acquisition team Now the legal bitLiving A Life More Virgin allows our colleagues to be based anywhere in the UK (if the role allows it), but we'll need you to confirm you have the right to work in the UK.If you're successful in securing a role with us, there are some checks you need to complete before starting. These include credit and criminal record checks and three years' worth of satisfactory references.