Cyber Security Third Party Risk Management, Senior Analyst

The Cyber Security 3rd party Risk Analyst is a position, responsible to carry out vendor cyber assessments and contract reviews for external suppliers.

• Responsible for conducting timely security assessments of third-party suppliers, recording results accurately and initiating appropriate assurance responses
• Support the production of high quality, informative and accurate reports in respect of third-party assurance assessments
• Provide advice and guidance to stakeholders on Information/Cyber Security Minimum Requirements for assessments and for contractual arrangements with vendors
• Participate in and contribute to collection of KRI’s, MI reporting on 3rd party cyber risks and assessments
• Ensure all activities are compliant with NIST, GDPR and other Financial Services relevant legislation including CPMI IOSCO.

Support the Third-Party Senior Manager with all third-party vendor risk assessment activities and reporting tasks

Technical / job functional knowledge

• Degree or Masters qualification in Cyber, Information Security or IT management (desirable) or Legal related qualification
• Experience in information security, privacy or risk management in a financial and/or regulated services
• Experience reviewing and negotiating Information Security Agreements, ideally within a regulated industry.
• Understanding of risk management and effective Information Security strategy, practices, technologies and controls frameworks.
• Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
• Understanding of key regulatory requirements for technology and cyber security in the main LSEG operating centres
• Cyber security qualification e.g. CISSP / CISM (desirable)
• IT and cybersecurity policies and standards
• Operational risk frameworks
• Third Party Risk Frameworks
• Regulatory compliance
• Technology resiliency
• Data protection