Cyber Risk Analyst - Vendor/3rd Party

Job Title: Cyber Risk Analyst - Vendor/3rd Party
Location: Sydney
Reference: 3218259
Contact Name: Reece
Job Published: February 11, 2021 10:01

Job Description

A globally recognised top ASX-listed business is looking for a Cyber Security Analyst to work on their complex global supply chain 3rd Party Vendor Risk!!

Exercise independent judgement within defined parameters. Identify solutions to issues that are generally defined (but not always immediately evident) and require problem-solving.

You will be an experienced cybersecurity solution specialist with third party vendor risk experience.

The complexity of the business supply chain calls for an experienced cyber professional to run our existing vendor risk management service as part of the Cyber Security GRC team and improve on the service we are already providing. We use third party tools and services that provide external posture scoring of our potential vendors. This role will manage the process of assessing the vendors in the context of the solutions and services they provide to the business and manage the end-to-end process of risk identification and management. This role is closely tied in with the IT procurement process, supply chain processes and cyber risk. You will report to the Global Cyber GRC Manager and have responsibility for the effective management of cybersecurity third party vendor service management across the global business. You will be required to monitor and analyse performance of our vendors to ensure contractual service levels are achieved and risk is monitored and mitigated commensurate with our risk appetite and the service/solution they are providing. Successful candidates should have a broad range of expertise across cybersecurity. We are looking for a dynamic and motivated candidate with strong experience in IT and vendor risk management.

What you will be responsible for:
  • Assist in conducting security solutions risk analysis for various areas of the business to enable sound cyber risk management
  • Assessing operational effectiveness of various IT and other operational systems and/or processes used by different areas of the business.
  • Supporting cross-functional teams with a project relating to cybersecurity and vendor risk management.
  • Demonstrate a thorough understanding of information systems
  • Provide implementation, timing and response advisory to leadership relative to vendor risk remediative actions
  • Liaising with security vendors, suppliers, service providers
  • Vendor service management
  • Vendor governance and tracking, primary contact for a managed service
  • Regular reviews making sure service is effective
  • Internal stakeholder management
  • Manage issues/risks/dependencies
  • Monitor and analyse performance of vendors to ensure contractual service levels are achieved (SLAs)
  • Coordinate vendor on-boarding and off-boarding activities internally
  • Oversee and facilitate the interaction between vendors and internal stakeholders to deliver changes to technology, process and contractual terms
  • Project manage transition of or change to services provided by the vendor
  • Identify opportunities for improvements in vendor engagement, processes and products and liaise with internal stakeholders to deliver these improvements
  • Provide relevant, accurate and timely reporting on vendor performance in risk mitigation and external posture
  • Conduct meetings and perform regular audits and compliance checks
  • Assist in developing policies and procedures, as required
  • Relationship building and stakeholder engagement
  • Manage third party risks effectively and efficiently

What you will need to be successful:
  • Demonstrated knowledge of information security concepts, risk and controls concepts
  • Understanding of regulatory requirements for managing risk
  • Knowledge of incident management, disaster recovery and business continuity management
  • Progress towards or completion of certifications is highly desirable e.g. CISSP, CISM, CCSP, CISA, OSCP, CEH, Security+, ServiceNow Risk and Compliance Implementation Specialist
  • Experience in performing security threat and risk assessments and delivering projects relating to security strategy, governance, security architecture and capability improvement
  • Technical experience in relation to cloud security, endpoint security, identity and access management or data protection will be strongly regarded
  • Ability to work as part of a global team across multiple countries, cultures and time-zones
  • Excellent written and verbal communications skills and the ability to clearly articulate complex security concepts to a broad and diverse audience
  • Experience within IT software and Infrastructure
  • Good oral and written communication skills
  • Knowledge of IT software and infrastructure
  • Strong project and time management skills.
  • Continuous vigilance and proactive action
  • The ability to adapt and operate in a fast-paced and changing environment
  • Good attention to detail, tracking and reporting skills
  • Good stakeholder management 
  • Experience managing third-party vendors
  • Understanding of the current threat landscape, response, and mitigation strategies used in cybersecurity.
  • 3-5 years of significant experience within IT service management
  • Tertiary qualification in IT, Business or similar
  • Good understanding of governance framework and process
  • Familiar and confident around ITIL processes

If you are interested in hearing more about this role, apply now!
