Third Party Risk Assessor - UK Remote - £40,000-£60,000 + benefits
Are you a seasoned Information Security professional with a passion for identifying and mitigating security risks?
As a Third Party Information Security Risk Assessor, you will play a pivotal role in our commitment to ensuring the highest standards of information security. You will work alongside a dynamic team of experts and be responsible for assessing and managing security risks associated with our third-party partners. This position will require a keen eye for detail, a deep understanding of information security principles, and the ability to communicate effectively with various stakeholders.
Conduct in-depth security assessments of third-party vendors, evaluating their information security practices and policies.
Identify security vulnerabilities and weaknesses in third-party partner systems, processes, and practices.
Collaborate with third-party vendors to develop and implement remediation plans for security issues.
Provide detailed and clear reports on security assessment findings, risk levels, and recommendations.
Stay up to date with emerging security threats, vulnerabilities, and best practices to improve the assessment process.
Assist in developing and maintaining security assessment methodologies and documentation.
Work closely with cross-functional teams to ensure compliance with security standards and regulations.
To be considered for the role:
Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree is a plus.
Professional certifications such as CISSP, CISM, or CISA are highly desired.
Proven experience in conducting information security risk assessments, preferably in a third-party context.
Deep knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS).
Strong understanding of common security technologies, tools, and practices.
Excellent analytical and problem-solving skills.
Effective communication and presentation skills, with the ability to convey complex technical information to non-technical stakeholders.
Self-motivated, organised, and able to work independently or as part of a team.