Third Party Information Risk Analyst
- Oct 11, 2021
Information Risk Analyst Role - Technology Risk Analyst!
About the role:
This role is responsible for supporting the management of Third-Party Information Security Risk for the APAC organisation. This includes performing the inherent risk ranking of all suppliers in relation to Information Security Risk, providing oversight of and responsibility for the outsourced team completing remote and on-site assessments of higher-risk third parties, and prioritising reviews where appropriate.
The role directly contributes to the regional Information Security teams by providing metrics, maintaining a Third-Party Asset inventory, and tracking both risk remediation and control compliance.
Roles and Responsibility:
- Act as the regional lead within the client's team and Cloud Governance Committee
- Independently execute information security due diligence on third parties, including cloud technology implementations
- Understand complex technology and line of business projects, identify and analyse complex security issues, and provide sound guidance to stakeholders to mitigate risk
- Lead and be involved in discussions with stakeholders to understand inherent information security risks presented by technology or business projects involving third parties
- Liaise with procurement, legal, and third parties to formalize, review, and negotiate information security requirements in agreements within the APAC region
- Represent the APAC region and work with the Global Third-Party Risk Management team on the vendor backlog project to identify the existing high-risk vendors
- Collaborate with the Global team to align the work plan to roll out the new Third-Party Risk Management process
- High level of business acumen, preferably in a regulated/financial industry
- 4+ years of information security experience with a focus on risk assessments and controls, governance, risk management, program development, compliance, and/or auditing.
- Previous experience supporting or managing a Third-Party risk assessment programme is essential
- Strong risk-based analysis and decision-making skills
- Experience interpreting and applying information security standards and frameworks or attestation reports
- Experience reviewing and redlining agreements
If this sounds like a role you would like to apply for, please send your latest resume to firstname.lastname@example.org for a confidential discussion.
Morgan McKinley Pte Ltd
EA Licence No: 11C5502
EA Registration Number: R15500