Nr ref.: LP/CSSSA(RM)/POZ/05
Job description:
- 8+ years of proven experience in cyber security and/or third party security risk management
- Execute and support the full lifecycle of information security third-party risk assessments as needed, either individually or through available resources.
- Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security controls to effectively mitigate risks to the client
- Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risks
- Maintain and mature the third-party risk management process framework for security risk, including necessary standards, procedures, and technologies
- Execute and support the full lifecycle of information security and third-party risk assessments as needed, either individually or through available resources.
- Provide clarifying support, where necessary, to internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security risk assessment questionnaire.
- Coordinate with Legal and Procurement representatives to ensure proper security and privacy clauses are included in third-party contracts
- Effectively translate third-party responses to the assessment questionnaire, using sound judgement, into concise risk exposure reporting for delivery to internal stakeholders
- Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security controls to effectively mitigate risks to GSK
- Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
- Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party risks
- Provide any necessary training and awareness related to the third-party security risk assessment process
- Contribute to the gathering and distribution of periodic program metrics and/or dashboards
- Provide insights on other security risk management matters, as necessary, in collaboration with the broader GRC/Cyber Risk team.
- Provide consultancy SME support in conducting security posture assessments, as part of continuous monitoring or in post-breach scenarios, to ensure that suppliers have adequate security controls.
- This role will engage with senior business stakeholders and requires a clear understanding of business imperatives in order to build commensurate cyber security controls around third-party risk. Knowledge of such controls needs to be at an expert level.
- Salary: 140 - 180 PLN per hour (B2B)
Requirements:
General
- Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS, etc.
- Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products
- Prior experience in conducting cyber security risk assessments and third-party security and data privacy assessments
- Stakeholder/internal business management experience
- Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority
- Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork
- Work with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
- Exposure to any GRC technologies to conduct cyber risk management
Technical/Functional (Line) Expertise (Breadth and depth of knowledge, application and complexity of technical knowledge)
- Experience in evaluating third parties for the presence of fundamental information security controls.
- Experience conducting risk assessments and applying concepts of inherent and residual risk in order to draw appropriate conclusions and articulate the same to non-technical audiences.
- Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of GSK information.
Leadership (Vision, strategy and business alignment, people management, communication, influencing others, managing change)
- Influencing action across various business lines and geographies to achieve program objectives.
- Ability to effectively manage conflicting priorities in alignment with overall business and departmental strategies.
- Developing strong relationships with leaders of complementary programs (e.g. Procurement, Legal, Ethics & Compliance) to ensure harmonization.
Decision-making and Autonomy (The capacity and authority to make organizational decisions, autonomy in decision-making, complexity of decisions, impact of decisions, problem-solving)
- Operates autonomously in the execution of the third-party security risk program framework.
- Serves as central point-of-contact for evaluating security risks associated with all third-party engagements.
- Recommends, and agrees with the Line Manager, the need for shifts in program strategy.
Interaction (The span and nature of one's engagement with others when performing one's job, internal and external relationships)
- Excellent project management skills to effectively balance unexpected and conflicting priorities as they arise
- Experience operating effectively across matrixed organizations
- Intercultural sensitivity
Innovation (The required level of scientific knowledge, knowledge sharing, innovation and risk taking)
- Understand innovations and evolving best practices amongst industry practitioners of third-party security risk management to continually mature GSK’s program.
- Ability to apply innovative approaches to balancing business constraints with program goals to identify win-win solutions.
Complexity (Products managed, mix of businesses, internal and/or external business environment, cultural considerations)
- Global SME role, coordinated with the global third-party program.
- Operate across geographies and across business lines.
- Collaborate effectively with relevant third parties and managed service providers.