Governance, Risk & Compliance (GRC) Third Party Analyst – 12 months - £600 per day II35
Our client, an enterprise corporation that partners with a number of media, telecommunication and entergy companines worldwide is hiring a GRC Third Party & Risk Analyst on a contract basis paying £600 per day Inside IR 35 on 12 month contract basis with hybrid working in Winchester 2/3 days we week.
This role focuses on running due diligence against new suppliers and assessing their level of risk to the business, reviewing supplier contractual obligations to ensure compliance, analysing supplier contracts to ensure the relevant security controls are established, dealing with third party access requests, and ensuring relevant controls and documentation is in place to allow access. This role also occasionally requires working alongside Threat & Response to deal with potential supplier breaches which may arise
Core responsibilites:
- Assess new suppliers' security controls in line with the risk they present to business and categorise into relevant tier
- Support scheduled supplier security audit programme to assess the effectiveness of the organisation's security controls, identifying risks and ensuring they are completed on time, and to a high standard ISO27001:2022
- Support in implementing of our clents ongoing supplier security compliance regime, working with InfoSec colleagues and technical stakeholders to continuously assess, quantify and report on the successful and effective supplier compliance across the business with relevant standards, policies, and security frameworks
- Undertake regular assessment of supplier contractual security obligations and highlight any non-compliance
- Coordinate with third party suppliers and the Information Security Compliance Analyst to ensure supplier audits are undertaken
- Provide support to the GRC Supply Chain Assurance Lead on projects and bids from a security compliance and assurance perspective
Core technical requirements:
- Industry experiece within Telecommunications, Media or Smart Metering would be highly advatageous.
- Experience in information security supply chain management
- Experience/Knowledge of the Telecoms Security Act (2022) and subsequent secondary legislation, The Electronic Communications (security measures) Regulations 2022 and Telecommunications Security Code of Practice
- Good understanding of Risk Management and Access Management
- Good knowledge of relevant regulations and standards (e.g., ISO 27001, GDPR (General Data Protection Regulation), NIST (National Institute of Standards and Technology) (National Institute of Standards and Technology)
- Experience in undertaking audits
- Excellent communication and stakeholder management skills
- Strong analytical and problem-solving skills
- Professional certifications (e.g., CISA, CISSP, CISM, CISMP, ISO27001 Lead Auditor/Implementor) an advantage
- The ability to demonstrate a proactive and continual compliance approach
Governance, Risk & Compliance (GRC) Third Party Analyst – 12 months - £600 per day II35