Third-Party Security & Business Continuity Assessment Advisor
Posted on Apr 1, 2022 by Base 3
In your role as Third-Party Security & Business Continuity Assessment Advisor, your key responsibilities are the following:
a) Strategic activities:
- Contribute to maintaining/updating the Third-Party Security framework and perform the strategic reporting
- Contribute to maintaining/updating 3P security policies, implementing procedures, operational procedures and guidelines
- Contribute to maintaining/updating the third-party security requirements, as part of the contractual framework
- Contribute to maintaining/updating 3P Security internal controls to ensure that Information Security & Business Continuity aspects are managed throughout the Third-Party life cycle
- Report on 3P security activity to the Group Security management
- Control & continuous improvement of the Third-Party Security framework
- Contribute to the definition and design of the team's longer-term automation goals
b) Operations: provide security expertise throughout the Third-Party life cycle:
- Represent Group Security in the Third-Party selection & contract management process:
- Support business owners in the inherent and residual security risk assessment (tailored to the risk profile)
- Perform and document the relevant assessment to evaluate the provider's residual security risk
- Manage the residual risks in line with the risk management framework and coordinate the implementation of the remediation action plan
- Advise the business owners on contract elaboration (integration of Information Security clauses in the contract)
- Track activity and progress through the Third-Party Cyber risk process chain
- Collaborate on the periodic third-party information security risk recertification
- Monitor the third-party security risks on a daily basis
- Follow the cyber-threat alerts as a facilitator with the incident management teams
- Help prevent the incident from recurring in the future
- Perform ad-hoc on-site audits of critical providers
- Ensure that the service/contract termination controls have been performed
Required Technical & Functional skills
- Education: Bachelor/Master's degree (Computer Science, Information Security or Business Science).
- Broad knowledge of Information Security & IT security is mandatory. Relevant Information Security certifications (e.g. ISO 27000 Lead Implementer, CISM, CISSP) and/or governance certifications (COBIT, ITIL) are preferable.
- Knowledge and/or experience of financial services
- Languages: English (fluent); fluency in French and/or Dutch is a plus.
Note: this role has been assessed as Inside IR35, which only affects UK resident candidates.