Aldermore Bank
,
Manchester, Greater Manchester
Information Security Third Party Assurance Lead
Overview
Job Description
Heard of us? We're an award-winning bank; backing people to fulfil life's hopes and dreams. Now is your chance... The Information Security team is a key part of the CISO function at Aldermore that helps the business deliver a safe and secure service to its customers. With a focus on the Aldermore customer journey, we drive our colleagues, managers and leaders to cultivate a working environment that encourages fast pace delivery and success. Those who join the Information Security team will be fully immersed in our business, having a pivotal role in influencing and understanding how our short, medium and long term aspirations can be realised in a secure and compliant way. With decades of collective experience available across the CISO team, we actively support and develop our people to help them fulfil their hopes and dreams, whilst continuing to meet the needs and expectations of our dynamic and exciting business. We are a high performing, but friendly and fun team that has worked hard to establish a reputation as trusted advisors to the business, providing the right balance of knowledge and challenge to support managers and leaders to make the right decisions, often at difficult times. The role of Information Security Third Party Assurance Lead is really important to us. You will be responsible for ensuring there is reasonable assurance over the security controls in place at third parties that provide services to the Organisation. Based in our dynamic Manchester office, you will sit amongst a team of 6 and report to the Security Governance, Risk and Compliance Manager. What would your day look like? * You will be working closely with procurement and supplier management teams ensure that a robust model is in place for assessing the security risks posed by third parties. * Developing, implementing and maintaining a programme of assurance to ensure that the risks are appropriately managed through reasonable assurance. * Maintaining vendor security assessment processes. * Assessing risk posed by suppliers and determining appropriate assurance approach. * Providing robust management information regarding the status of assurance activities across the supply base. * Working with the broader CISO team to ensure any risks associated with third party providers are appropriately captured and managed. What do we expect of you? * Experience working in an Information Security role. * Thorough understanding of independent assurance certifications and reports (e.g. SOC2, ISAE3000, ISO27001 Certification). * Extensive experience working with risk management frameworks with a strong grasp of risk, controls and assurance. * Experience of working with procurement and supplier management functions. * Strong relationship building skills and the ability to work with cross functional teams.