Cyber Risk Engineer - Risk Identification/Assessment/Mitigation - Vendor/Third party Risk management

Nexere Consulting Limited

Posted on Nov 15, 2023 by Nexere Consulting Limited
London, United Kingdom
IT
Immediate Start
Annual Salary
Full-Time

Cyber Risk Manager - Risk Identification/Assessment/Mitigation - Vendor/Third party Risk management

My client, who are leaders in their field, are looking for a Vendor Cyber Risk Manager who will play a vital role in the organisation by assessing, measuring, and reducing cyber risks from the third-party vendors that the organisation engages with. This role offers you a great chance to contribute to the organisation's cyber resilience while interacting with a diverse range of third-party vendors.

Responsibilities:

  1. Vendor and Third-Party Risk Management: Implement a robust process to assess and monitor the security posture of third-party vendors and service providers with access to the organisation's systems or data.
  2. Risk Identification: Identify potential cyber risks associated with third-party vendors. This includes understanding the vendor's systems, data handling practices, disaster recovery, business continuity, resilience and overall security posture.
  3. Risk Assessment: Score the identified risks based on their potential impact and likelihood of occurrence. This involves using risk assessment methodologies and cyber risk scoring tools.
  4. Risk Mitigation: Develop and implement strategies to mitigate identified risks. This could include recommending security controls, negotiating security terms in vendor contracts, or working with vendors to improve their security practices.
  5. Vendor Communication: Maintain open lines of communication with vendors regarding their security practices and any potential risks they pose. Work with internal stakeholders to help them understand risks.
  6. Reporting: Regularly report to senior management and business stakeholders on the status of vendor cyber risks, including any significant changes or escalations.
  7. Metrics: Devise and provide a regular set of metrics so that the business governance functions have visibility of the residual risk from the business's vendors and third parties.
  8. Governance participation: Attend governance forums as required to support the wider business security posture and planning activities.

Criteria:

  • Degree or professional qualification in Cybersecurity, Information Technology, or a related field.
  • Relevant professional certifications (e.g. CISSP, CISM, CRISC, CySA+, Security+) or equivalent.
  • Proven experience in cybersecurity risk management, preferably in a vendor/third-party risk context.
  • Experience of using vendor cyber risk rating and scoring systems and/or procurement management tools such as UpGuard, SecurityScorecard, Bitsight or ServiceNow Vendor Risk Management would be advantageous.
  • Strong understanding of cybersecurity principles and best practices.

The role is based in London and operates on a hybrid working model (3 days per week).


Reference: 2679211597

https://jobs.careeraddict.com/post/85271395

This Job Vacancy has Expired!
