Team: Cyber Security
Reports To: Security Strategy & Compliance Lead
Job Type: Permanent/Full Time
Primark Technology is about to embark on a transformation journey to support business strategy which includes modernising our operating model as well as technology architecture and Cyber Security posture
This role is key in building and improving Primark’s Cyber Security Posture.
- Act as the subject matter expert for supplier on-boarding activities and security assurance reviews of third parties and suppliers to manage the associated security risks.
- Build and maintain relationships with stakeholders such as Legal, Procurement and suppliers to ensure that they are assessed, on-boarded, monitored and off-boarded in line with policy
- Increase the maturity of Primark’s third-party supplier governance process leveraging GRC platform to automate key processes and speed up decision making.
- Implement a standardised approach to measuring compliance against Security Policies and Standards, Financial control framework and Industry Standards
- Support ISO in embedding Policies and Standards with vendors and internal teams.
- Support the Risk Management process by ensuring all gaps in Policy and Security capability are fully documented in line with the risk acceptance process
- Work on addressing Policy gaps by advising the business of the appropriate technologies and supporting processes required.
- Monitor ongoing compliance of third parties and suppliers in line with policy and risk profile.
- Lead the oversight of all supporting activities, including reporting, flagging risks and issue remediation.
Knowledge & Experience Required:
- 3+ years experience of providing third party security assurance within a global organisation and detailed knowledge of Information Security Risk Management best practice and controls
- An appropriate degree, equivalent qualification or experience
- A recognised security certification is desirable e.g. CISM, CISA, CISSP or CRISC
- Be a passionate professional able to inspire others to challenge and disrupt the current reality to co-create a compelling technology/cyber security orientated future business by embracing new ways of working and successfully executing new opportunities
- An understanding and background partnering closely with stakeholders such as Legal, Procurement, Security compliance and privacy teams
- Significant experience of providing security supplier assurance in a complex global organisation
- Excellent stakeholder management, communication and influencing skills.
- Thorough understanding of supplier governance, understanding of security management processes, practices and technical countermeasures.
- Ability to analyse complex information and identify key and relevant points, including communicating in a relevant and easy to understand manner.