Information Security Manager - Third Party Risk Management
Job description Who are we?
PwC's Operate business delivers large operational and managed service solutions for clients to meet regulatory, risk and compliance challenges.
With over 1,100 staff deployed on large implementation and execution programmes, Operate brings together top talent with a distinctive mix of knowledge and skills. We support clients by providing staff augmentation services, delivering large scale operational programmes and managed solutions. We deliver our client work from a range of locations, providing our clients with cost-effective delivery, access to subject matter expertise and operational excellence disciplines for some of the biggest brands worldwide. About the role
We are looking for self-motivated and experienced information security individuals with extensive experience in performing third party risk management activities such as supplier security assessments/reviews, contractual terms analysis and negotiation, and ongoing monitoring of supplier adherence to security commitments.
You will need to demonstrate technical expertise in the following areas of Cyber Security
- Knowledge of cloud computing environments - SaaS, PaaS and IaaS - and experience evaluating the associated organisational risks
- Information Security assessment processes, including audit, vulnerability scanning and security policy and standards review. Experience creating and managing IT security policies and standards. Sound understanding of penetration testing results.
- Understanding of Information Security fundamentals across multiple domains, including (but not limited to) security management, security architecture, application security, network security, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, laws, investigations, and ethics;
We will also be looking for demonstrable experience in a management role where you have led your teams toward success. We expect our staff to be driven, enthusiastic and keen to build on existing experience. Key Responsibilities
Who are we looking for?
- Manage a large and diverse portfolio of Vendors for the firm;
- Evaluate and review third party vendor legal documentation and processes including MSA's, SOW's and RFP responses
- Perform risk assessment on suppliers and identify control gaps
- Negotiate remediation plan with suppliers
- Maintain open communication channels with senior stakeholders through regular governance sessions, escalating appropriately as and when required.
- Own the quality of all client outputs and ensure all client and internal document repositories are accurate and up to date
- Operate as a federated subject matter expert across multiple engagements when required
- Degree in Information Technology or related subject
- Previous experience in professional roles involving information security and/or management
- Knowledge of information risk and compliance principles. Broad understanding of security technology and related risk and compliance issues
- Senior stakeholder relationship management
- Excellent attention to detail and a passion for delivering high quality output for clients
- Previous experience in coaching and developing junior members of staff up to a required standard.
- Cyber Security related certifications including ISO27001 Lead Auditor, CISA, CISM, CIPP, CISSP
- Strong understanding of information security controls & ISMS standards such as ISO27001/2, COBIT and NIST
- Experience with SOC2 compliance standards
What's in it for you?
- Ability to develop and manage structured third party risk identification, assessment, and treatment programs for large organisations
- Ability to assess adherence to security controls using standard audit and assessment methodology (e.g. inquiry, inspection, observation)
- Very strong customer facing verbal and written communication skills
- Adept at translating technical IT security concepts into business terms
- Ability to address risk utilising standardised and consistent methodology
- Ability to identify and leverage relationships between data held in different applications to develop tools and reports that support the management of information security
- Understanding of existing and upcoming legislative and regulatory requirements applicable to data protection and security.
We will provide you with
- An opportunity to work on a range of different programmes giving you variety and depth in your day to day work;
- A fast paced, challenging environment with a clear career pathway;
- The opportunity to work with industry leading clients across a range of industry sectors;
- Dedicated technical and soft skills training to support your induction and ongoing career progression, with full access to PwC Professional frameworks;
- The opportunity to undertake a relevant professional qualification; and
- A people manager to support your ongoing development and progression.
Our Compliance Testing team is located in PwC's Belfast office. Staff may be required to travel on occasion to various client locations and PwC UK offices for business meetings and training. We will however discuss and agree these requirements with you in advance of starting a project.
Closing date for applications is Monday 22nd July 2019 at 5.00pm. About PwC
We're one of the world's leading professional services organisations. From 158 countries, we help our clients, some of the most successful organisations on the globe, as well as its most dynamic entrepreneurs and thriving private businesses, to create the value they want. We help to measure, protect and enhance the things that matter most to them. The skills we look for in future employees
All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, 'The PwC Professional' and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.
Learn more here www.pwc.com/uk/careers/experienced/apply Diversity
We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool, as well as those who reflect the diverse nature of our society. And we aim to encourage a culture where people can be themselves and be valued for their strengths. Creating value through diversity is what makes us strong as a business and as an organisation with an increasingly agile workforce, we're open to flexible working arrangements where appropriate.
Learn more here www.pwc.com/uk/diversity