Cyber Security Third Party Risk Management
Cyberjaya, MALAYSIA Infra / Networks / Telecom
Job description
The Third Party Risk Management Security Advisor is responsible for managing security risks associated with all third parties including clients, vendor/suppliers, partners and others. The role will establish and continually improve the third party risk management program by building business partnerships internal to DXC with the information assurance/OCIO, sales/sales support and account management team, supply chain, legal, privacy and other business functions. The role conducts risk assessments for DXC suppliers/vendors, responds to client due diligence and post contract questionnaires, negotiates Data Network and Security Schedule and Client Master Services Agreements from a security perspective. The role will also be responsible for service management of one of the offerings under the third party risk management team.
Detailed responsibilities:
· Consult on and contribute to the sales contract process by reviewing and providing guidance on compliance, data privacy and security terms. Provide redlines on Client security terms and guide Legal and Sales teams on risk levels of various contract requirements. Review Client deals and provide security risk data. The risk analysis will identify security risks associated with Client proposed deals.
· Provide subject matter expertise support on the Data Network and Security Schedule in order to establish acceptable and prohibited uses of our confidential data by Third Parties.
· Perform supplier Security Risk Assessments to enable the business to make informed decisions about security risks associated with a particular
· Act as the service manager for one of the TPRM services moving the service through the maturity model
· Create and generate monthly reporting statistics
· Perform other duties as assigned by management
Required education:
· B.S. degree in a technology discipline, cybersecurity or risk management or equivalent related experience and training required
· Security certification such as CRM, CRISC, CTPRP, CISSP, CISM or relevant related experience and training required
Basic technical requirements:
· 5+ years relevant experience desired
· Ability to build, manage and improve the security programs identified, specifically the third party risk management assigned using the identified CMM standards
· Working knowledge of the appropriate security standards and frameworks including ISO, AICPA SOC, NIST, and other standards as they are identified
· Familiarity with industry standard tools to manage workload (ServiceNow, SharePoint)
Basic skills (non-technical)
· Analytical skills with attention to detail, capacity for long periods of focused attention and sitting, ability to prioritize, and troubleshooting
· Ability to perform effective third party risk assessments and the ability to respond to third party risk assessment in a timely manner
· Strong written skills to produce security feedback on contracts that are easy to understand for each defined audience
· Project management skills and ability to manage multiple tasks and projects simultaneously