Third Party Risk Manager - Cyber

Location: London
Job Type: Contract
Industry: Cyber Security
Job reference: BBBH154411_1653055895
Posted: almost 2 years ago

Third Party Risk Manager - Technology Third Party Security Review (TPSR) Lead

6 months

Hybrid Working - Canary Wharf

Our client, a market-leading Financial Institution, is looking for a Third Party Risk Manager - Technology Third Party Security Review (TPSR) Lead to join them on a customer-based project in Canary Wharf with hybrid working. The assignment is an initial 6-month contract and can offer a competitive daily rate via Umbrella.

Role Purpose:

  • The Technology Third Party Risk - Cybersecurity Review Lead is a senior role responsible for championing Third Party Risk Management (TPRM) activities across Technology and achieving the overall purpose of the Third Party Risk Management team, including in relation to the TPSR and Cybersecurity controls.
  • The role includes:
    • Governance and management of Third Party (TP) cybersecurity controls and findings from TPSRs across Technology engagements.
    • Providing Third Party subject matter expertise to all TP Cybersecurity transformation programmes ensuring the views of the Technology Third Party community are represented.
    • Identifying issues with the TPSR process that impact Global Businesses / Global Functions (GBGFs), Third Party Engagement Managers (TPEMs) and Third Party Risk Officers (TPROs), and driving the resolution of these.
    • Ongoing management and monitoring of Third Party Security Reviews (TPSR) management information.
    • Oversight and support in closing / remediating findings as a result of TPSRs.
    • Identification of continuous improvement opportunities relating to Third Party Cyber / TPSR controls and processes.
    • Supporting broader Third Party Risk Management activities and priorities as required.

They will:

  • Have a strong Third Party Risk and Cybersecurity background, as well as an understanding of the broad spectrum of Third Party Risk domains (e.g. regulatory compliance, resilience).
  • Ideally bring an audit focussed mind-set to the role in order to drive increased levels of compliance to the Third Party Risk Framework.
  • Review the design and operating effectiveness of Cybersecurity related Third Party Risk controls, ensuring these are being monitored adequately, and action is taken where required.
  • Review, validate and challenge, where appropriate, Group reporting (e.g. GRAS, Procurement KCIs / KPIs).
  • Be the point of contact for all TPSR related matters for Technology.
  • Liaise with the TPSR team, Group Third Party Unit (GTP-U), Technology Chief Control Officer (CCO), Group Third Party Risk (2nd Line of Defence) and Internal Audit (INA / 3rd line of defence) on behalf of Global Technology TPRO for TPSR related matters.
  • Assist in the development, review and implementation of Management self-identified issues (MSIIs), from inception, through to tracking actions and closure.
  • The Global TPRO has implemented governance over Technology Third Party Risk. The Technology Third Party Security Review (TPSR) Lead will be expected to:
    • prepare material and present at Governance fora as required.
    • monitor completion of TPSRs for in-scope Technology engagements.

Principal responsibilities

Impact on Business

  • Support the Global TPRO by acting as the local point of contact / interface / champion for TPSR related matters on behalf of Technology.
  • Review and monitor TPSR related issues across all entities within Technology locally.
  • Measure and monitor Third party risk controls against set objectives criteria. Initiate remedial action where required.
  • Develop, measure and monitor management self-identified issues which impact Third party risk controls.
  • Escalation through reporting line where decision/issue is of significant materiality or regulatory importance.
  • Escalation of cross risk/cross business impacts where agreement cannot be reached to Global Third Party Risk Office.
  • Review of analysis, MI and reporting produced by various stakeholders.

Customers / Stakeholders

The role will involve frequent liaison with a large range of stakeholders including:

  • IT GBGF and Regional IT TPROs
  • Third Party Engagement Managers (TPEMs)
  • Cybersecurity teams, in particular the Third Party Security Review Team
  • Chief Control Officers (CCOs)
  • Technology Senior Management
  • Internal Audit and External Auditors / Local regulators liaison / engagement
  • Risk Domains and Risk Stewards
  • TPM Transformation Programme teams

Leadership & Teamwork

  • Act as a management interface between Technology, CCO and the Third Party Security Review Team.
  • Influence stakeholders within Technology to create an environment of robust, pro-active and informed Third Party risk awareness in relation to Cybersecurity and TPSRs.
  • Build strong working relationships across Technology, including IT GBGF / Regional TPROs.
  • Work closely with Group TPM to align the practices and governance structures to share / absorb best practices.
  • Maintain transparent communication channels with all relevant stakeholders.

Operational Effectiveness & Control

  • Actively track and manage the ongoing utilisation of risk capturing tools and utilities.
  • Embed and oversee TP Risk and TP Cybersecurity procedures and assure adherence to policies and processes.
  • Engage with IT GBGF / Regional TPROs and Third Party Engagement Managers to promote consistent Third Party risk mitigation for Cybersecurity and TPSRs.
  • Report to the Technology Third Party Governance forum on the nature and level of Technology's exposure to Third Party Security Risk and the effectiveness of the arrangement to control the risk and keep the exposure within appetite.
  • Perform periodic conformance reviews to ensure