Information Security Manager – Third Party Risk Management

Location UK / Belfast

Job Type Permanent full-time

Salary Not disclosed

Updated 2 days ago

Reference 1421107

Job Description

We are looking for self-motivated and experienced information security individuals with extensive experience in performing third party risk management activities.

Who are we?

PwC’s Operate business delivers large operational and managed service solutions for clients to meet regulatory, risk and compliance challenges.

With over 1,100 staff deployed on large implementation and execution programmes, Operate brings together top talent with a distinctive mix of knowledge and skills. We support clients by providing staff augmentation services, delivering large scale operational programmes and managed solutions. We deliver our client work from a range of locations, providing our clients with cost-effective delivery, access to subject matter expertise and operational excellence disciplines for some of the biggest brands worldwide.

About the role

We are looking for self-motivated and experienced information security individuals with extensive experience in performing third party risk management activities such as supplier security assessments/reviews, contractual terms analysis and negotiation, and ongoing monitoring of supplier adherence to security commitments.

You will need to demonstrate technical expertise in the following areas of cyber security:

  • Knowledge of cloud computing environments – SaaS, PaaS and IaaS – and experience evaluating the associated organisational risks

  • Information security assessment processes, including audit, vulnerability scanning, and review of security policies and standards; experience creating and managing IT security policies and standards; a sound understanding of how to interpret penetration testing results

  • Understanding of information security fundamentals across multiple domains, including (but not limited to) security management, security architecture, application security, network security, access control, application development, operations security, physical security, cryptography, telecommunications and networking, business continuity planning, laws, investigations, and ethics

We will also be looking for demonstrable experience in a management role where you have led your teams toward success. We expect our staff to be driven, enthusiastic and keen to build on existing experience.


Key Responsibilities
  • Manage a large and diverse portfolio of vendors for the firm

  • Evaluate and review third party vendor legal documentation and processes, including MSAs, SOWs and RFP responses

  • Perform risk assessment on suppliers and identify control gaps

  • Negotiate remediation plans with suppliers to close identified control gaps

  • Maintain open communication channels with senior stakeholders through regular governance sessions, escalating appropriately as and when required.

  • Own the quality of all client outputs and ensure all client and internal document repositories are accurate and up to date

  • Operate as a federated subject matter expert across multiple engagements when required


Who are we looking for?

Essential Criteria

  • Degree in Information Technology or related subject

  • Previous experience in professional roles involving information security and/or management

  • Knowledge of information risk and compliance principles. Broad understanding of security technology and related risk and compliance issues

  • Senior stakeholder relationship management

  • Excellent attention to detail and a passion for delivering high quality output for clients

  • Previous experience in coaching and developing junior members of staff up to a required standard.

Desirable Criteria

  • Cyber security related certifications, including ISO 27001 Lead Auditor, CISA, CISM, CIPP and CISSP

  • Strong understanding of information security controls and ISMS standards and frameworks such as ISO 27001/27002, COBIT and NIST (e.g. the Cybersecurity Framework and SP 800-53)

  • Experience with SOC 2 reporting (AICPA Trust Services Criteria), including reviewing suppliers' SOC 2 reports

  • Ability to develop and manage structured third party risk identification, assessment, and treatment programs for large organisations

  • Ability to assess adherence to security controls using standard audit and assessment methodology (e.g. inquiry, inspection, observation)

  • Very strong customer facing verbal and written communication skills

  • Adept at translating technical IT security concepts into business terms

  • Ability to address risk utilising standardised and consistent methodology

  • Ability to identify and leverage relationships between data held in different applications to develop tools and reports that support the management of information security

  • Understanding of existing and upcoming legislative and regulatory requirements applicable to data protection and security.


What’s in it for you?

We will provide you with

  • An opportunity to work on a range of different programmes giving you variety and depth in your day to day work;

  • A fast paced, challenging environment with a clear career pathway;

  • The opportunity to work with industry leading clients across a range of industry sectors;

  • Dedicated technical and soft skills training to support your induction and ongoing career progression, with full access to PwC Professional frameworks;

  • The opportunity to undertake a relevant professional qualification; and

  • A people manager to support your ongoing development and progression.

Our Compliance Testing team is located in PwC’s Belfast office. Staff may be required to travel on occasion to client locations and PwC UK offices for business meetings and training. We will, however, discuss and agree these requirements with you in advance of starting a project.