Expert Third-Party Security Risk Management
As an experienced professional in third-party security risk management, you will play a pivotal role in helping clients identify and assess potential security risks associated with vendors and suppliers. Your expertise will be essential in creating value by delivering high-quality third-party risk assessments, advising on frameworks and standards, and supporting assurance and remediation activities.
* Deliver comprehensive third-party risk assessments that cover the full lifecycle of third-party engagements, from identification to ongoing monitoring.
* Apply your knowledge of cyber and risk frameworks to evaluate third-party risk management programs and recommend practical improvements.
* Perform vendor due diligence, control testing, and audit reviews to ensure compliance with regulatory requirements.
* Collaborate with clients to close security gaps or enhance supplier oversight processes.
* Coach and share knowledge with junior team members to enhance their skills and expertise.
* Contribute to growth and innovation by assisting in the development of new methodologies, tools, and service offerings in response to evolving market and regulatory expectations around third-party risk.
About You
* Minimum 2 years' experience in cybersecurity, technology risk, or third-party risk management, preferably gained through consulting, assurance, or a second line of defence role.
* Working understanding of cybersecurity and IT risk frameworks and how they apply to vendor environments.
* Strong analytical and problem-solving skills, with the ability to work autonomously and deliver high-quality outcomes under time pressure.
* Certifications such as CISA, ISO Lead Implementer/Lead Auditor, CISSP, or cloud security certifications.
* Ability to obtain an Australian Government security clearance.