Security SME – Supplier Assurance Manager
Wednesday 30 October 2019 Salary Range
£0 - £0
\n We support agile working - click here for more information on agile working options. Agile Working Options
Other Agile Working Arrangements / Open to Discussion Job Description Summary
We have a fantastic opportunity in our Chief Security Office (CSO) for a new Security SME - Supplier Assurance Manager. This role would suit (but not limited to) a Technical Graduate/Apprentice with a passion for information/cyber security - the key is the desire to learn.
Reporting to the 3rd Party Supplier Assurance Senior Manager, you'll manage on a day to day basis security risk in the supply chain through all stages of the supplier lifecycle: from supplier selection and on-boarding; ongoing assurance; remediation and end of contract.
The key purpose of your role is to support the definition of the security requirements suppliers need to meet, validation of supplier criticality assessments, and develop / deliver assurance processes that protect our data and services entrusted to our suppliers.
The CSO is a vital part of delivering the Group's vision of putting customers at the heart of everything we do, helping Britain prosper, and protecting the Group and customers from security threats. We're responsible for defining and communicating Lloyds Banking Group's security strategy and providing dedicated support and constructive challenge to business areas to ensure the delivery of an effective and compliant security risk management framework. The CSO contains a number of functions focussing on protecting the whole Group through physical security, cyber security, intelligence, investigations, operations, monitoring, oversight & assurance and business engagement. Your Accountabilities:
Key capabilities/knowledge You'll Bring:
- Validate criticality assessments for new and existing suppliers against evolving threats, and maintain an inventory of suppliers based on their risk profile.
- Review and update security requirements for inclusion in supplier contracts.
- Maintain and enhance ongoing security assurance controls and processes and guide their implementation.
- Ensure scoping for supplier assurance reviews is appropriate and includes relevant controls for onsite testing (including production of 3rd party reports e.g. BitSight).
- Assess suitability of supplier evidence to close remediation activity.
- Monitor the security ratings of critical suppliers on a continuous basis, investigating and initiating remedial actions in response to events and alerts.
- Provide mentorship and interpretation of security findings from monitoring and assurance activities, working with relevant internal teams and suppliers as appropriate to ensure successful and timely completion of agreed actions.
- Support the continuous improvement of security assurance processes and capabilities
- Provide SME support to key supplier assurance programmes for example Group Sourcing Programme and GDPR Supplier work stream.
- Support management of any supplier related cyber incidents through to closure.
- Support programmes / projects (including Group Transformation) where suppliers are supporting new acquired / outside activities
- Deputise for Senior Manager as and when appropriate
What can we offer you in return?
- The want to gain experience managing information / cyber security supplier assurance in large corporate organisations
- Awareness of security threats and their mitigations
- Monitoring compliance with policy and standards, particularly ISO 27001, other external attestations (SOC1, PCI DSS) and NIST Cyber Security Framework
- Awareness of risk management practices
- Good partnering management skills
- To seek exposure to conducting governance and oversight activities of supplier E2E assurance processes, supplier management and supplier on-boarding processes
- To increase experience with security monitoring tools - BitSight, Riskrecon etc.
As well as a competitive base salary you'll receive a package that includes:
- A flex benefits cash pot you can adjust to suit your lifestyle (4% on top of your basic salary)
- Discretionary Performance Share Award
- Generous pension contribution (up to 13%)
- Private health cover
- Access to share schemes
- 30 days holiday plus bank holidays
Apply today, we'd love to hear from you. Together we make it possible. At Lloyds Banking Group, we're driven by a clear purpose; to help Britain prosper. Across the Group, our colleagues are focused on making a difference to customers, businesses and communities. With us you'll have a key role to play in shaping the financial services of the future, whilst the scale and reach of our Group means you'll have many opportunities to learn, grow and develop. We're focused on creating a values-led culture and are committed to building a workforce which reflects the diversity of the customers and communities we serve. Together we're building a truly inclusive workplace where all of our colleagues have the opportunity to make a real difference.