Information Security Consultant - Third Party Assessments - London
We're working with a consultancy client who require a consultant to support an end-client team conducting due diligence assessments of some of their highest risk suppliers.
We're looking for an experienced and appropriately certified practitioner to learn and use a specialist software tool to issue questionnaires to vendors - training will be provided in the assessment tool.
Main duties will include:
- Upload questionnaires and the vendors into software tool;
- Assess inherent risk;
- Issue questionnaires to the vendors;
- Chase vendors to complete their questionnaires;
- Review all returned questionnaires;
- Reassess risk;
- Request any additional information or clarification;
- Provide remediation actions to vendors;
- Follow up and review evidence of remediation;
- Update residual risk status for the 80 core vendors.
- Supplier/third-party assessment and due diligence experience;
- Strong risk management knowledge and experience;
- Experience of various data security and compliance standards, including ISO 27001, PCI DSS, DPA, EU Directive 95/46 and the EU GDPR (including its implementation across European countries), and the Privacy Shield scheme;
- Wide ranging knowledge of Information Security and IT Security frameworks, standards and application of best practice;
- Security certifications, such as CEH, CISSP, CISM, SSCP, ISO 27001 Implementer or Lead Auditor;
- Formal qualification in the Information Security domain or equivalent experience desirable.
Initial 3 month contract based in London.