  • Posted 14 hours ago

Job Description

Key Responsibilities:

Conduct comprehensive, structured cyber risk assessments to identify potential threats, vulnerabilities and impacts to information and operational systems.

Provide recommendations for improving security measures and reducing risk exposure where applicable.

Develop and propose risk mitigation strategies and controls to address identified vulnerabilities.

Employ appropriate tools and methodologies to identify, assess and prioritise cyber risks across the IT and OT estate.

Collaborate with stakeholders to assign appropriate risk levels and priorities for remediation.

Collaborate with stakeholders to gather detailed information on applications, systems and business processes.

Work closely with internal colleagues and external teams to understand and assess the effectiveness of existing security controls.

Assist in the validation of security measures to reduce risks to an acceptable level.

Maintain accurate and up-to-date records of risk assessments, findings and mitigation efforts.

Prepare regular, detailed reports for the Head of Risk Management outlining the current risk landscape, trends, emerging risks and recommended actions.

Manage and maintain the risk acceptance process, ensuring that accepted risks are properly recorded and tracked.

Ensure that risk assessments comply with relevant industry standards, regulations and internal policies.

Collaborate with compliance teams to align risk management practices with legal and regulatory requirements.

Collaborate with the Cyber Risk Management Manager to provide insights into potential risks and vulnerabilities associated with security incidents.

Contribute to incident response plans by incorporating lessons learned from risk assessments.

Remain current on industry best practice and the evolving cyber security threat landscape.

Proactively identify opportunities to enhance risk assessment methodologies and processes.

Technical Skills:

Deep understanding of cyber risk management concepts and standard operating procedures

Deep understanding of cyber risk threat actors and associated modus operandi

Deep understanding of application, system and network security controls and their relationship to risk mitigation

Ability to recommend suitable technical controls at the application, system and network layers

Ability to converse with highly technical colleagues and to understand vulnerability data

Ability to interpret technical vulnerability information and translate that into business risk statements

Ability to work with business colleagues and to understand and communicate risk from a business rather than technical perspective.

Qualifications Essential:

Proven experience in cyber security risk assessment, risk management and Third-Party Risk Assessment.

Proven experience in a hands-on technical IT (Cyber Risk) or OT role

In-depth knowledge of risk management frameworks and methodologies.

Familiarity with cyber security principles and best practice.

Excellent verbal and written communication skills in English.

Strong analytical, problem-solving and communication skills.

Job ID: 145312191