Information Security Analyst - Third Party/Supplier Assessments
This position will play a pivotal role in the organisation's GDPR program. You will conduct due diligence questionnaires across over 200 suppliers and create actions based on the results.
You will provide support to the Enterprise Information Security team including:
- Co-ordinating the sending, return and assessment of due diligence questionnaires as part of our supplier contract update process under the GDPR program.
- Working with suppliers so that they understand the questionnaires and return suitably detailed answers.
- Arranging follow-up questions or calls to help gain clarity on suppliers' control environments.
- Collating the answers to the questionnaires from the suppliers.
- Producing recommendations based on the output from the due diligence questionnaires in relation to the controls that suppliers have in place.
Skills & Knowledge
- CISSP, CISM, GIAC, CISA or CRISC Certification preferred
- A good knowledge of Information Security and the controls that are required to provide effective protection to systems and data, e.g. ISO 27001, COSO
- Knowledge of risk assessment and risk management techniques and their application
- Good stakeholder management skills, with an ability to understand and communicate complex Information Security matters to a variety of audiences.
- Excellent time management and organisational skills.
- Ability to work under your own initiative with limited supervision to deadlines.
- Experience of working in Information Security or a similar function with a focus on supplier management and performing due diligence exercises.
- Experience of managing due diligence checks and undertaking Supplier/Vendor Assessments across a significant number of suppliers.
Initial 3-month contract based in London. You will need to undergo criminal and background checks as part of this position.