Third Party Security Analyst, OneTrust
- Location: London
- Job type: Contract
- Salary: £500 - 525 per day + Umbrella Rate
- Discipline: Financial Services
- Reference: J82336
Role Title: Third Party Security Analyst
Reports to: Senior Security Governance and Risk Manager
Department: Security – Governance, Risk, and Compliance
Role Purpose:
This position plays a crucial role in delivering essential Third Party Security services, driving and implementing an integrated information security strategy that aligns with market expectations, business needs, and risk profile. The role ensures that security controls and processes meet data protection requirements, providing assurance to customers and internal stakeholders that our suppliers comply with regulatory and compliance obligations.
Key Responsibilities & Accountabilities:
- Evaluate security risks associated with third-party suppliers, interpret impact assessments, and review supplier assurance questionnaires.
- Collaborate with various stakeholders, including Procurement, Service Management, Privacy, Legal, and LG.
- Support the OneTrust Third Party Risk Management Module tool for all suppliers, meeting KPI targets and reporting requirements.
- Assist in the delivery of Boiler Plate Business Responses for the Questionnaire Response Automation Module of OneTrust.
- Conduct information security reviews of suppliers, both in-person and virtually, producing supplier assessment reports with insights and recommendations.
- Communicate and build relationships with key business stakeholders and suppliers.
- Drive continuous improvement of Third Party Security policies, procedures, and processes.
Experience in Information Security:
- Understanding of the principles within ISO27001.
- Professional Qualification – CISM/CISA or ISO27001 Lead Auditor (working towards).
- Experience with a GRC tool, such as OneTrust.
- Collaborate with external partners, suppliers, and customers to ensure all security requirements are met for Third Party Security Assurance and Compliance.
- Maintain high levels of communication with key internal stakeholders to gather responses for security questionnaires and audit reviews.
- Present to multiple audiences, including senior management, using both written and verbal communication, reporting on the outcome of audits and risk management activities related to Third Party Security.
To discuss further, please contact the Technology team at Venn Group.