Security vendor Assurance Consultant

Posted on Mar 17, 2023 by Apsley Recruitment Limited
We have an exciting opportunity for a Security Vendor Assurance/Supply Chain Manager to be a key member of our growing Security Function. As part of the role you will be the Subject Matter Expert (SME) and point of contact for information security related supply chain & 3rd party assurance (including Cloud services), contractual and legal requirements to manage information security requirements.
Key responsibilities
- Undertake vulnerability risk assessments where required.
- Participate in Security Incident Management process.
- Provide reporting to KPIs for areas of responsibility
- Develop policies and procedures within their subject area, where required
- Own and maintain the policy and procedure, with responsibility for making updates as well as for implementation.
- Engage with and assist internal and external business stakeholders to resolve matters within subject area/s.
- Provides support to the Security Champions Network.
- Identifies and ensures compliance against information security controls required to safeguard supplier access, storage and processing of intellectual property, assets and systems.
- Identify and mandate information security controls for suppliers that provide IT & IT Engineering infrastructure and services (e.g. Cloud and software development).
- Undertakes security assessments of existing and new suppliers as per policy and procedures
- Assist legal in the development of security-compliant supplier contracts/agreements that consider the requirements to address security risks.
- Assists in the review and interpretation of regulatory and legislative security requirements. Documents in policy/procedure and implements security requirements where required.
- Monitor, review and audit the on-going compliance of 3rd party suppliers.
- Work with the Business Partnering function to address information security compliance requirements.
Qualifications
- Demonstrable experience of working in a similar DEDICATED role in a large organisation or consultancy.
- Client facing, and able to support clients and their environments across a wide technology stack.
- Strong communication skills, both verbally and in writing.
- Strong understanding of security industry standards and best practice, including ISO27001.
- Ability to credibly coordinate between technical teams and business stakeholders.
- Any certifications within the following are highly desirable:
  - CISSP (Certified Information Systems Security Professional)
  - CISM (Certified Information Security Manager)
  - CISA (Certified Information Systems Auditor)
  - CSSLP (Certified Secure Software Lifecycle Professional)
  - Cisco - CCIE Security, CCNP, CCSP, CCNA
This role would suit someone with experience of managing large and complex international supply chains within a manufacturing or other similar high-volume industry. We are looking for a specialist in this field, not a generalist with some experience. Please do not apply if you do not meet the criteria above. Candidates need to hold, or be eligible to gain, UK SC Clearance.
Reference: 2513337036

Security vendor Assurance Consultant in City, London, United Kingdom, Full-Time