The primary responsibility of the Third-Party Security Analyst is to support management of third-party security risks for all of the organisation's third-party suppliers. You will classify third-party suppliers based on the sensitivity of data they have access to and the overall risk posture, and perform information security assessments of third-party suppliers following the control framework, helping ensure third-party suppliers apply security controls in adherence with their policies.
- Classify third party suppliers based on the sensitivity of data they have access to and their overall risk posture, and periodically review and reprioritise the assessment schedule accordingly to help ensure the highest risk suppliers are assessed.
- Perform information security assessments of third party suppliers following their control framework to help ensure third party suppliers apply security controls in adherence with policies and standards.
- As part of the third party information security assessments, conduct IT security control testing and evidence review and provide associated improvement recommendations to help ensure controls are designed and operating effectively.
- Liaise with the third party suppliers to track the progress of remediation actions against agreed timelines and escalate any delays or roadblocks to the Security Supplier Governance Manager in order to ensure any outstanding risks are proactively managed.
- Liaise with Group IT control owners and review policies and procedures to effectively respond to due-diligence requests/assessment questionnaires sent to the business by its clients and business partners.
- Monitor and prepare reporting for key risks and performance indicators of third-party service providers to help ensure that trends and risks are easily identified and escalated to management.
- Support the Security Supplier Governance Manager in overseeing the delivery of outsourced delivery services by the Tier 1 and Tier 2 security suppliers by monitoring and reporting compliance to Service Level Agreements (SLAs).
- Ensure alignment to the organisation's Customer Experience and Treating Customers Fairly (TCF) policy.