Third Party Information Security Manager (Inside IR35)
My client, a Financial Services firm based in Redhill, Surrey, is looking for a Third Party Security Manager to join their growing team. You will have to be in the office 2 days per week.
About the Third Party Security Manager:
The purpose of this role is to deliver business-enabling Third-Party Security Management Services across my client in an effective, timely, consistent, and professional manner. The role ensures the protection of my client's assets that are accessible by third parties and maintains an acceptable level of information security in line with third-party agreements.
Key Accountabilities:
1. To provide technical consultancy on third-party risk and act as subject matter expert to the business and other members of the Security team as required.
2. Accountable for setting, agreeing, and maintaining the Third-Party Security Functional Plan with the Head of Security Assurance & Controls and organizing the Third-Party Security Team to effectively deliver that plan.
3. Responsible for establishing, agreeing, and continuously assessing the materiality and priority of Third-Party supplier assessment across my client's business footprint.
4. Responsible for logging, tracking, and reporting the progress of all of my client's Third-Party assessments in my client's Group Third-party tool or suitable alternatives.
5. Ensure that all Third-Party Security consultancy, recommendations, and advice provided to Third-Parties and my client's Stakeholders meet the requirements of my client's Group Security Policy, Standards, and Minimum Technical Security Baselines (MTSBs).
6. Responsible for the timely provision of supplier due diligence support prior to establishing a Master Service Agreement and signing contracts.
7. Leveraging security tooling such as Black Kite to support risk assessments.
8. Issuing and reviewing a third-party questionnaire through the SIG health check process.
9. To create a third-party security risk report to summarize any findings and actions identified through the assessment process.
10. To assist the rest of UK Security in producing risk assessments of Group and third-party tools and platforms, as required.
Qualifications:
* Degree level qualification or equivalent work experience.
* Relevant professional qualifications (e.g. CISSP, CISM, CISA, CRISC, MIISP) are desirable but not essential.
Skills & Knowledge:
* In-depth experience of Security domains, control environments, architectures, tracking tools, reporting metrics, and risk management.
* Understanding of the workings of UK General Insurance.
* Excellent communication and interpersonal skills.
* In-depth knowledge of one or more sets of business processes, applications, or key technologies (e.g. Networks, desktop and mid-range infrastructure, communication technologies) in use within the Company.
* Excellent understanding of systems life cycles and project management.
* Ability to assimilate information quickly, clearly identify key issues, and present information concisely.
* Ability to develop and maintain a wide network of contacts across the business.
* Ability to be self-sufficient and motivate staff.
Experience:
* Extensive Third-Party Security Management and/or IT Security or risk experience in a large commercial organization.
If the above is of interest, please apply to this role or call me on 0207 509 8040 to find out more information.
About the job
Contract Type: TEMPORARY
Specialism: Information Technology
Focus: Information Security
Workplace Type: Hybrid
Experience Level: Mid Management
Location: Redhill
Salary: £400 - £500 per day
Job Reference: OFXQDB-D12EBB62
Date posted: 4 March 2025
Consultant: Darius Goodarzi