Global Third-Party Security Review Lead at Dentons

ROLE

• The role will focus on conducting third-party vendor security assessments and managing supply chain threats from a cyber security perspective. You will assess, track, measure, and report third-party cyber risk across the global organization.

KEY RESPONSIBILITIES & ACCOUNTABILITIES

• Lead the third-party cyber risk management lifecycle, from executing onboarding security reviews to the offboarding of vendors
• Develop an annual calendar of third-party re-assessment cyber security reviews on cyber risk presented to the organization
• Define and introduce into production required third-party security assessments based on services consumed by the organization that will complement current security assessments
• Identify and create appropriate cyber security risk MI across the third-party vendor estate
• Identify and implement improvements in current third-party processes and procedures
• Conduct third-party cyber security assessments and identify controls to mitigate cyber risks to the organizations cyber security posture from vendor relationships
• Follow established third-party cyber security risk management program guidelines to complete the onboarding of third-party vendors
• Collaborate with internal business teams and various risk/compliance subject matter experts to address and/or mitigate identified or potential cyber security risks
• Collaborate with various stakeholder teams to identify and communicate cyber security risk from third-party relationships and drive residual risk to acceptable levels
• Conduct reviews of IS clauses included in third-party contracts to help strengthen legal security posture for the organization
• Design and deliver training and education of staff in third-party risk management processes as needed
• Complete tasks with minimal supervision, in a collaborative, supportive environment
• Perform other cyber security risk duties as needed
• Lead the third-party cyber risk team members
• Supervise and manage junior team members

Requirements
SKILLS & COMPETENCIES

Technical Skills

• Skilled in the use of Microsoft Office suite
• Fluent in English language – written and verbal
• Personal Skills and Attributes
• Strong troubleshooting, reasoning, and problem-solving skills
• The ability to pick up and quickly understand new concepts and technology
• Critical thinking and analytical decision making to discover issues and risks pertaining to third-party risk management
• Team-oriented and skilled in working within a collaborative environment
• Ability to effectively multi-task, prioritize and execute tasks
• Ability to work independently and collaborate with geographically dispersed teams
• A strong work ethic and passion for finding answers
• Strong Client relationships building skills
• Stay current with industry trends in third-party and cyber security risk
• Excellent written and verbal communication, interpersonal and intercultural skills.
   

EDUCATION, EXPERIENCE & CERTIFICATIONS

• A bachelor’s degree from an accredited college or university
• At least 3- 5 years’ management experience
• 5+ years’ experience as a skilled practitioner in third-party or cyber/IS Risk Management
• Skilled practitioner in identifying cyber security risks in cloud services and providing mitigating controls
• Skilled practitioner in the mitigation and/or remediation of cybersecurity vulnerabilities
• Strong practitioner knowledge of third-party risk strategies and best practices
• Relevant industry certifications e.g., CRISC, CISM, CISA, ISO/IEC 27001 Lead Auditor
• Working knowledge and experience with industry standards and best practice including the ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and NIST Cybersecurity Framework
• LANGUAGE CAPABILITIES/INTERNATIONAL EXPERIENCE
• We are a truly global law firm and as such, always welcome hearing from those with foreign language capabilities. Additionally, we would be delighted to hear from candidates with a global background including professional experience gained across different geographies.

Benefits

• Work from home