Job Description
Flight Centre need a Third Party Security Risk Analyst (TPSRA) to make a step change in our control of our extensive third-party network. You will complete supplier cybersecurity assessments and reports in line with departmental procedures and processes.
You will be required to:
Maintain the third-party risk management process framework for security risk, including necessary standards, procedures, and technologies
Provide clarifying support, where necessary, to internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security risk assessment questionnaire
Effectively translate third-party responses to the assessment questionnaire, using sound judgement, into concise risk exposure reporting for delivery to internal stakeholders
Collaborate with internal third-party relationship owners and external third-party representatives to recommend necessary security controls to effectively mitigate risks to Flight Centre
Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
Responsibilities:
Ensure supplier cybersecurity assessments are completed to a satisfactory level
Maintain the third-party risk management process framework for security risk
Provide clarifying support, where necessary, to internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security risk assessment questionnaire
Effectively translate third-party responses to the assessment questionnaire
Collaborate with internal third-party relationship owners and external third-party representatives to recommend necessary security controls to effectively mitigate risks to GSK
Competencies:
The ability to take the initiative, make informed and measured decisions and deliver outcomes from those decisions
Analyse and simplify complex problems
The ability to think ahead and establish an appropriate course of action taking into account the constraints imposed
Experience and Qualifications:
2+ years of experience in a Third Party Risk Assessment Analyst Role
1+ years of experience in an information security and/or program/project management role
Knowledge of security frameworks such as PCI DSS, ISO27001/2, and/or SOC2
Experience and ability in creating meaningful security reporting
Experience of using OneTrust (or a similar online tool) to process questionnaires and assess risks
CISA, CISM, CRISC or CISSP or similar certification (preferred)
OneTrust training in their Vendor Management Platform (preferred)
Expected Rate:
£425 per day
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, gender identity, sexual orientation or age.
