Third Party Risk Management
Rainier Softech Solutions Pvt
Job Description
Key Responsibilities:
• Conduct comprehensive, structured cyber risk assessments to identify potential threats, vulnerabilities and impacts to information and operational systems.
• Provide recommendations for improving security measures and reducing risk exposure where applicable.
• Develop and propose risk mitigation strategies and controls to address identified vulnerabilities.
• Employ appropriate tools and methodologies to identify, assess and prioritise cyber risks across the IT and OT estate.
• Collaborate with stakeholders to assign appropriate risk levels and priorities for remediation.
• Collaborate with stakeholders to gather detailed information on applications, systems and business processes.
• Work closely with internal colleagues and external teams to understand and assess the effectiveness of existing security controls.
• Assist in the validation of security measures to reduce risks to an acceptable level.
• Maintain accurate and up-to-date records of risk assessments, findings and mitigation efforts.
• Prepare regular, detailed reports for the Head of Risk Management outlining the current risk landscape, trends, emerging risks and recommended actions.
• Manage and maintain the risk acceptance process, ensuring that accepted risks are properly recorded and tracked.
• Ensure that risk assessments comply with relevant industry standards, regulations and internal policies.
• Collaborate with compliance teams to align risk management practices with legal and regulatory requirements.
• Collaborate with the Cyber Risk Management Manager to provide insights into potential risks and vulnerabilities associated with security incidents.
• Contribute to incident response plans by incorporating lessons learned from risk assessments.
• Remain current on industry best practice and the evolving cyber security threat landscape.
• Proactively identify opportunities to enhance risk assessment methodologies and processes.
Technical Skills:
• Deep understanding of cyber risk management concepts and standard operating procedures
• Deep understanding of cyber risk threat actors and associated modus operandi
• Deep understanding of application, system and network security controls and their relationship to risk mitigation
• Ability to recommend suitable technical controls at the application, system and network layers
• Ability to converse with highly technical colleagues and to understand vulnerability data
• Ability to interpret technical vulnerability information and translate that into business risk statements
• Ability to work with business colleagues and to understand and communicate risk from a business rather than technical perspective.
Qualifications Essential:
• Proven experience in cyber security risk assessment, risk management and Third-Party Risk Assessment.
• Proven experience in a hands-on technical IT (Cyber Risk) or OT role
• In-depth knowledge of risk management frameworks and methodologies.
• Familiarity with cyber security principles and best practice.
• Excellent verbal and written communication skills in English.
• Strong analytical, problem-solving and communication skills.