Third Party Information Security Specialist (London Area)

Third Party Information Security Specialist (12 month FTC)

Hybrid working policy: 2-3 days per week required in the office.

DGH Recruitment are currently recruiting on behalf of a leading financial services client who are looking for a Third Party Information Security Specialist to join the team on an initial 9-12 month Fixed Term Contract.

The role will focus on assessing data and information security risks as part of an accelerated due diligence programme for a designated cohort of my clients third parties.

Responsibilities:

- Assess the information security profile of third parties, identifying and assessing potential threats, evaluating their security posture, and driving forward actions to help mitigate information security risks.

- Lead information and data security due diligence reviews of suppliers and risk identification by assessing their associated policies, standards and controls.

- Use an in-house defined third-party assurance framework to carry out proportionate assurance assessments for in-scope suppliers.

- Identify key controls to request and review evidence, form conclusions and recommendations in respect of the adequacy of the third party’s controls, including their design, quality, effectiveness and resilience.

- Document and report acceptable controls, and highlight any potential exceptions identified.

- Work closely with the Information Security, Data and Technology teams to ensure frameworks, standards and processes are understood and consistently followed

Required Skills / Experience:

- Strong background in information security assurance and third party risk.

- Demonstratable experience leading data and information security due diligence assessments and formulating consistent conclusions.

- Knowledge of the different types of controls that can be deployed to manage third-party security risks.

- Knowledge of key assurance certifications and assurance reports used in Information Security (e.g. ISAE3402, ISO27001, SOC2 reports etc.).

- A good understanding of Data Protection regulations and the broader third-party management lifecycle will be highly advantageous.

- Experience of working in the financial services industry advantageous.

Third Party Information Security Specialist (12 month FTC)