Job Title: Information Security -Third Party Risk Analyst
Location: Global (UK)
Reporting to: InfoSec Governance, Risk and Compliance Manager
**Please note for this role you must have experience in Third Party Risk**
About Swissport
We are a global leader in sustainable and responsible airport services provision, renowned for our unwavering commitment to safety, operational excellence, and exceptional service, shaping a future where air travel thrives on reliability, efficiency, and experience.
In 2023, with the support of more than 60,000 colleagues, Swissport provided best-in-class airport ground services for some 232 million airline passengers and handled roughly 4.7 million tons of air freight at 115 cargo centres. Across a global network that is unparalleled in the industry, Swissport served airlines at 286 airports in 44 countries across six continents.
The culture of Swissport is shaped by our corporate values, which guide our actions and decision-making processes. These values are at the core of our culture, shaping our business and underpinning our commitment to measuring our impact. They capture the essence of who we are at Swissport and help us deliver value across the entire company.
"Show You Care" underlines that our actions are perceived and valued from the perspective of the people around us. So, whatever we do, we do it purposefully and consciously, taking in the perspective of our colleagues, customers, and passengers.
“Doing the right things” means that we do the things that are valuable to our colleagues, customers, and passengers. We are trained to do this safely and trusted to do the right thing in any given situation.
"Win as a Team" highlights the importance of teamwork. Either we win as a team, or we fall as individuals. Together, we can surpass ourselves and handle any situation.
These values capture the essence of who we are and our unwavering commitment to excellence, and give actionable guidance for individual behaviour of employees, leaders, and executives, serving as a compass for how to act and deliver.
You, as our Information Security Third Party Risk Analyst
Partner with IT, business groups, project teams and 3rd parties to ensure the protection of confidentiality, integrity and availability of Swissport information assets inline with the Information Security policies, legal/compliance and industry best practices. Support information security risk management by identifying and capturing 3rd party risks to maximise business value and opportunities. Support the implementation of our IT Governance model and relevant processes.
You will support our key stakeholders on identifying Information Security risks from external entities and play an active role to continually improve and enhance Swissport’s cyber and information security posture and resiliency.
Main Responsibilities
* Under the guidance of the InfoSec Governance, Risk & Compliance manager, facilitate the Swissport 3rd party risk management process ensuring all 3rd parties are appropriately assessed and any risks are managed.
* Work with the various Swissport departments to ensure the in-scope 3rd parties are listed, and categorised based on risk.
* Perform security reviews of 3rd party vendors, including pre-assessment, assessment, and remediation activities against Swissport policies and applicable regulatory requirements.
* Produce assessment summary reports that detail gaps, potential impact, and recommendations for mitigating risk.
* Ensure that all relevant 3rd parties understand and agree to follow all appropriate Swissport InfoSec policies.
* Develop and maintain 3rd party supplier risk and respective control monitoring plans.
* Enhance the existing vendor assessment process to ensure a consistent and logical risk-based framework is in place that is aligned with industry best practice and is appropriate to the threats faced in the aviation industry.
* Collaboration with all IT and non-IT functions on the risks that can be realised from working with external partners, including IT Operations, Change Management, Business Consulting, Enterprise Architecture and Global Procurement and Legal, to ensure they are aware of the IT risks and follow the Information Security risk assessment process.
* Ensuring the adherence to company policy and industry best practice through compliance review, evidenced based reporting and audit activity for information assets.
* Provide guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
* ·Monitor compliance with agreed policies and procedures.
Your qualifications and Competencies
* University degree in Computer Science or related field of study.
* Previous experience in Third Party Risk Management roles.
* Understanding and knowledge of, at least, one information security management frameworks, such as ISO/IEC 27001, COBIT and NIST; awareness and understanding of compliance and data protection regulations, such as GDPR
* Working experience in positions that include a combination of different areas, such as: risk management, information security, security architecture/design/engineering, network security, policy, awareness, privacy protection (in addition to the degree or previous qualifying work experience).
* Operates with passion and real drive when pursuing goals; highly committed and acts with positive attitude in the face of setbacks and obstacles.
* Ability to work effectively in a multicultural, global matrix environment; good team player.
* Willingness to learn and constantly self-develop in the area of Information Security.
* Act as a role model for Swissport Values and fully adhere to the Code of Conduct.
* Ability to communicate and present security and risk-related concepts to technical and non-technical audiences at all levels.
* Excellent written and verbal communication skills.
* Fluent command of oral and written English as the corporate language.
Your next step
If you are looking for this key position in at a growing and changing international group that is headquartered in Zurich, we invite you to apply. When you do, please send your resume in English via the Apply button.
Because we get many applicants for our jobs it’s impossible to contact everybody personally. If you therefore do not hear from us, we have chosen for another candidate at this moment.
Equal Employment Opportunity Statement
Swissport as an equal opportunity employer bases its hiring decisions on the business need and the best qualified candidates available and does not discriminate in its employment decisions based on any protected category.
Candidates who are offered employment may be subject to a criminal record and other background checks as permitted or required by company policy or applicable law.