Founded in 2014, our customer is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications. Headquartered in Paris, London, Singapore, Vierzon and New York, our customer has a team of 300+ professionals developing a variety of products and services to safeguard cryptocurrency assets for individuals and companies, including a hardware wallet line already sold in 165 countries.
Working with internal stakeholders, external consultants and suppliers, the Manager, Security, Risk Management & Supplier Assurance ensures that all suppliers are assessed or on-boarded with appropriate due diligence or security maturity identification. He/She will assist with supporting activities including PMO functions and remediation.
This role is for a well-rounded and experienced Risk Management professional covering supplier assurance and 3rd party risk assessment, as well as responding to requests from customers for review of our customer's own risk management practices and procedures. The role will focus not only on data risk management, but also on broader associated risk topics. The role will focus on providing a clear line of sight between effective due diligence of a supplier and financial loss or reputational damage.
Reporting to the VP Security Governance, Risk and Compliance and working closely with Legal, Procurement, Data Protection and Business Continuity functions, he/she will help expand existing risk management frameworks and practices.
- Working individually or as part of a project team to provide supplier data security advice and guidance
- Provide subject matter expertise on all new supplier on-boarding activities including due diligence testing and security schedule contract negotiation
- Perform on-site Third-Party Security Assessments (TPSA) of all critical suppliers that transmit, process or store our customer's data
- Work with existing and new suppliers to confirm exit strategy, data retention and data return measures
- Assist with back-office functions and activities including TPSA scheduling, PMO, Reporting and remediation tracking.
- Assist in a continuous improvement regime.
- To work collaboratively with teams from other disciplines within our customer and with its supplier(s).
- Manage concurrent complex activities to short timescales.
- Ability to work under pressure to deliver good quality assessment reports.
- Timeliness of responding to supplier queries
- Delivery of new supplier on-boarding completion.
- Delivery of on-site Third Party Security Assessment (TPSA) reports
- Delivery of key MI to support the reporting function across markets
- Be prepared to travel for assessments (including international), between 30-40%, when possible
- A recognised security certification such as CISSP, CISA or CISM is desirable but not essential
- In depth experience in an information security related role is key
- Good knowledge of all domains within security e.g. BCM, Physical, GDPR / Data Protection, Cloud, Security Management
- Ability to explain technically complex concepts to non-technical stakeholders and suppliers
- Experience of conducting high level assessments and deep dive multi-day assessments or audits.
- Ability to produce high quality audit or assessment reports.
- Experience of conducting contractual mark-up and negotiation with suppliers
- Ability to provide PMO and reporting activity in support of a broader function
- Good communication, influencing and negotiation skills
- Experience in a similar role for a complex global organisation (insurance or financial services sector preferred but not essential).
- Previous experience with Archer or other similar tools advantageous but not essential