Develop and maintain Security Controls relating to AXA's 3rd Party suppliers.
Carry out reviews/audits/risk assessments to ensure Third Parties are compliant with in-house Security standards.
Align AXA's 3rd Party security assurance to the group standards.
Ensure Contracts include security schedules.
Own relationships with third party suppliers and follow up on unresolved issues.
Support, review and quality-assure assurance Reporting and Dashboards.
Key Responsibilities:
Collaborate with Manager and establish a supplier security assurance framework.
Ensure the framework is aligned with AXA procurement process and vendor due diligence process. Experience required - 3 to 6 years.
Assess and develop a supplier information risk tiering to rate suppliers based on the criticality of the services to be delivered to AXA and their impact on AXA.
Engage with wider AXA stakeholders to understand and gather AXA supplier strategy and risk management requirements.
Assess and develop a set of security requirements from AXA Information policy framework to be included as part of supplier contract schedules.
Engage with Manager to develop an engagement model to assess and review all new suppliers with inputs on control requirements from the Security risk assessment team.
Perform an initial review and due diligence of supplier logical and physical security controls.
Engage with Security Risk Assessment team to validate supplier due diligence findings and highlight identified security risks to AXA stakeholders and procurement teams. Support the supplier onboarding process.
Conduct regular reviews of supplier security compliance with contractual requirements and report on performance and SLAs.
Assess and rate supplier compliance and provide recommendations to resolve outstanding issues.
Report to stakeholders on current supplier risks and historical performance with KPIs and Dashboards.
Ensure suppliers fulfil all contractual obligations before the offboarding process is completed.
Negotiate Security clauses to be included in contracts with suppliers.
Key stakeholders:
Internal actors: Expected to interact with IT Operations & Business Operations, Group Procurement, Legal, Data Privacy, Local Information Security teams and peers.
External actors: Expected to interact with external service providers and vendors.