Job Description

The role holder will perform risk assessments of external third party suppliers, identifying any Information Security weaknesses or policy breaches and reporting where appropriate. The role holder will use their in-depth Information Security and Technology experience to develop the assurance programme to ensure it is fit-for-purpose and addresses future threats and changes in the risk environment. They will be a key member of the Information Security management team and will be involved in Threat Management Groups and Information Security incidents where relevant, providing expert advice and guidance.

Responsibilities

· Build and maintain strong relationships with internal and external stakeholders and service providers to ensure full compliance with the Information Security Policy and Minimum Standards.
· Responsible for the production of high quality, informative and accurate reports in respect of third party assurance assessments.
· Develop, embed and maintain an effective Assurance Programme.
· Escalate, where appropriate, any failures to comply with Information Security controls in application / system implementation.
· Responsibility for the management and development of the assurance team, ensuring clear and stretching objectives and personal development plans are in place for all members of the team.
· Perform security risk assessments for complex third party arrangements. Review and ensure the quality completion of risk assessments of direct reports.
· Work with the business and suppliers to develop, track and clear identified shortcomings and ensure that these are recorded as business risks until resolved.
· Provide expert advice and guidance to the Information Security team in order to share relevant knowledge and initiatives.
· May be called upon to provide incident and investigations support.
· Provide advice to Information Security related briefings and Threat Management Groups.
· Ensure all activity is compliant with 3LoD, TCF, DPA and other relevant legislation.
· Contribute to the management of KRIs, MI and the setting and management of risk appetite.

The Individual

Level of role M2. This is a permanent position.

Key competencies
Business: People Management 2, Finance Management 1, Compliance 2
Technical: Risk Management 3, Fraud Knowledge 2, Insurance Principles and Practice 1, Data Analysis, Interpretation and deployment 2, Project Management 1