Information Security Supply Chain Analyst

Job Description

Skills, Experience, Qualifications: if you have the right match for this opportunity, then make sure to apply today.

What will you be doing?

S&W Group is looking for an experienced Information Security Risk Professional with expertise in security compliance and assurance, ISO 27001 implementation, PMO (project management office), risk assessments, supply chain and working on other governance, risk and compliance projects within a team. You'll be highly motivated and proactive, and will become a productive member of a busy Information Security team, gaining exposure to a number of areas across the business.

As an Information Security Supply Chain Analyst, you'll verify that third parties meet the minimum security requirements to protect our organisation from a supply-chain-related attack or incident. You'll apply relevant risk mitigations and deal with multiple stakeholders to ensure end-to-end treatment is applied. You'll also be part of our PMO and governance and compliance processes and will deliver updates to senior management in meetings and information security forums, whilst ensuring the business remains compliant with regulatory frameworks and good practice standards.

This role works within the Information Security Team and collaborates with other teams such as Privacy, Legal, Group Risk, Infrastructure, SecOps and Procurement, providing you with great opportunities for stakeholder engagement – it's a great time to join us at S&W.

This role is a permanent position to be based at our Liverpool office on a hybrid working pattern with minimum 2 days per week in the office.

The interview process will be in two stages and will consist of one face-to-face interview at the Liverpool office.

Your responsibilities will include, among others:

Perform internal information security risk assessments and recommend mitigation actions to be implemented in solutions

Perform vendor risk assessments and due diligence on third parties and recommend mitigation actions to be implemented by third parties

Assess third-party adherence to the minimum security standards and record/track deviations or concessions

Operate a risk-based assurance approach to ensure key third parties continue to comply with the defined security requirements

Generate MI and reporting on third-party assessments and maintain risk profile of third parties

Review information security controls on an ongoing basis against the changing risk landscape to evaluate changes in residual risk and assess the sufficiency of the corresponding compensating control(s) or the need for new controls

Qualifications

Skills and Experience

To be successful in this role, you should have:

Experience in Information Security governance, risk and compliance areas

Experience managing internal and third-party vendor risk assessments and writing risk assessment reports

Experience reviewing risk assessments and SOC Type II reports for completeness, and working with suppliers to address issues/concerns

Experience managing audit returns from clients and regulators

Supporting Legal and Procurement Teams with complex contract reviews/negotiations and communicating security risks/impacts to various business (often non-technical) stakeholders

Assisting with writing Information Security related Policies, Processes and/or Procedures and analysing security controls

Desired

Experience in using good practice standards such as ISO 27001, ISO 22301, ISO 9001, Cyber Essentials and NIST

Experience in a Project Management Office

Degree or equivalent in Information Technology or Risk Management

Certification in Information Security domains

Certification in cloud architectures is advantageous, especially Microsoft Azure

Additional information

As a colleague here at S&W you will have access to benefits that include:

Competitive salary

Private medical insurance

Life assurance

Pension contribution

Hybrid working model (role dependent)

Generous holiday package

Option to purchase additional holiday

Shared parental leave

Fully funded training towards professional qualifications

Cycle to work scheme

Season ticket loan

Eye care support

We are proud to value the differences that a diverse workforce brings, representative of society and our clients. At S&W we have a wide range of highly active employee resource groups and we're delivering multiple diversity, equity and inclusion initiatives across the organisation. It is our commitment to provide a workplace where all colleagues, regardless of identity, background, or circumstance, feel respected as individuals and feel that they can achieve their full potential and work in a safe, supportive, and inclusive environment.

We are happy to make any reasonable adjustments to accommodate your needs throughout the application process. Please let your Recruiter know.

Company
S&W
Location
Liverpool, UK
Hybrid / WFH Options
Employment Type
Full-time
Posted