Job Description

The role holder will perform risk assessments of external third party suppliers, identifying any Information Security weaknesses or policy breaches and reporting where appropriate. The role holder will use their in-depth Information Security and technical experience to assist in the management of the assurance function to ensure it is fit-for-purpose and is able to assess and analyse the threats and controls in the risk environment of external suppliers. They will be a member of the Information Security management team and will be involved in Threat Management Groups and Information Security incidents where relevant, providing expert advice and guidance.

Responsibilities

· Responsible for conducting security risk assessments of third party suppliers.
· Responsible for the production of high quality, informative and accurate reports in respect of third party assurance assessments.
· Escalate, where appropriate, any failures to comply with Information Security controls in application / system implementation.
· Provide expert advice and guidance to the Information Security team in order to share relevant knowledge and initiatives.
· May be called upon to provide incident and investigations support.
· Provide advice to Information Security related briefings and Threat Management Groups.
· Participate in and contribute to Information Security forums and bodies.
· Assist in the improvement of risk management and Information Security controls within the Group.
· Ensure all activity is compliant with 3LoD, TCF, DPA and other relevant legislation.
· Contribute to the management of KRIs, MI and the setting and management of risk appetite.

The Individual

Level of role: M1. This is a permanent position.

Key competencies
Business: Finance Management 1, Compliance 2
Technical: Risk Management 2, Fraud Knowledge 2, Insurance Principles and Practice 1, Data Analysis, Interpretation and Deployment 1