InfoSec Third Party Assurance Analyst

Centrica Plc


Job Description


A fantastic opportunity to work in the high-profile security risk area of third party assurance. The Third Party Assurance Analyst will verify that third parties meet the minimum security requirements to protect our organisation from a supply chain related attack or incident. You will work within the security team primarily and also with teams such as Privacy and Procurement providing great opportunities for stakeholder engagement.

At Centrica we embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. To build a more sustainable future, we need the best team – a team with a diverse mix of people and skills, where everyone feels welcome and able to succeed. We are not looking for you to fit our culture, we want you to add to it and feel like you can bring your whole self to work!

Location: We are happy to discuss flexible working arrangements during the interview process.

Package: Competitive base salary plus annual bonus, healthcare and 25 days holiday

What will you be doing?

 * Operate the third-party security assessment process in response to procurement requests
 * Support the maintenance of the master security schedule, ensuring it aligns with security posture, published standards and controls
 * Assess third party adherence to the minimum-security standards and record and track deviations or concessions
 * Create high quality outputs with guidance and recommendations to enable senior business owners to make appropriate decisions
 * Operate a risk-based assurance approach to ensure key third parties continue to comply with the defined security requirements
 * Generate MI and reporting on third-party assessments and maintain risk profile of third-parties
 * Produce effective reporting and undertake briefings with technology and business leaders.

To be great in this role you will need:

 * Experience of undertaking third party reviews (including contract reviews) to verify compliance to security standards
 * Experience of reviewing SOC Type II reports for completeness and have worked with suppliers to address issues / concerns
 * Supported legal and procurement teams with complex contract reviews and negotiations
 * Administered Governance, Risk and Compliance tools and methods
 * Outstanding critical reasoning and problem-solving skills to overcome perceived blockers and issues
 * Stakeholder management and interpersonal skills at both a technical and non-technical level
 * Good knowledge of information security technologies, such as identity and access management, encryption, and multi-factor authentication
 * Knowledge of internal and/or external regulatory policies, standards, procedures and controls (e.g., CPNI, NIST, ISO27xx)
 * Ability to drive technical consensus and facilitate agreements with challenging stakeholders
 * Strong communication (oral and written) and conflict management skills
 * Ability to work under pressure, manage conflicting priorities and meet tight deadlines.
 * Experience in multiple ISMS systems and/or Governance frameworks such as NIST, COBIT, ISO27001
 * Ability to take the initiative and seek and accept responsibility

Advantageous, but not essential:

 * CISSP, CISM, CISA, CRISC, ISO27001 Lead Auditor / Implementer
 * BSc Computer Science
 * Application Security Knowledge
 * Previous Experience as an ISO Information Security Officer

If you have a disability we will try our best to make reasonable adjustments to remove any barriers to this post in the application / interview process due to a disability.