Third-Party Security Lead

Monument-re-insurance
South Block, Rockfield Central, Dundrum, Dublin 16
Today
MIES 35
Dublin

Description

Ireland
Full-time
Permanent employee

About the role

Reporting to the Information Security Manager, the Third-Party Security Lead plays an important role in assuring the security of Monument Re’s assets stored, accessed or processed by third-party suppliers and outsourcing partners. The role-holder will possess a good understanding of security controls, risk management, and operational security practices and have experience of assuring that external entities comply with required security standards and regulatory requirements.

Responsibilities

Third-Party Risk Management 
  • Lead the assessment, onboarding and continuous monitoring of third-party vendors and outsourcers.
  • Maintain and improve the Monument Re third-party risk management framework aligned with industry standards such as ISO27001 and regulatory requirements such as DORA.
  • Document, manage and track third-party risks on the information security risk register and report key risk indicators (KRIs) and metrics as part of periodic management reporting.
  • Act as the primary point of contact for all third-party security matters and be the subject matter expert (SME), offering guidance and training to internal teams on third-party best practice. This includes incident management, i.e. responding to and investigating third-party-related incidents or breaches, engaging with internal and external subject matter experts as part of security incident response procedures.
Security Assessments & Audit 
  • Working in partnership with the Group Vendor Management (GVM) team, support security vetting as part of due diligence during vendor selection as well as periodic assessments and reviews once third-parties are onboarded.
  • Conduct both on-site and remote security assessments and audits where required; this includes vendors located in all the regions where Monument Re operate, ensuring regulatory compliance.
  • Evaluate vendor responses to security questionnaires and audit/assessment results and work with GVM and third-party relationship holders to quantify, manage and track risk.
  • Configure and operate third-party monitoring systems to immediately highlight issues and risks.
  • Work with Monument Re’s technical teams and security suppliers to conduct technical security testing on third-party vendors as needed.
Governance, Risk & Compliance (GRC) 
  • Collaborate with the Legal, Compliance and GVM teams to embed appropriate security clauses in contracts.
  • Cross-train and act as a backup to colleagues in the GRC team within Information Security.
  • Manage and assist in risk and control assessments relevant to third-party security and information security controls requiring third-party input, e.g. penetration testing vendor co-ordination, physical security assessments.
  • Ensure Monument Re maintain compliance with all DORA-driven requirements and support the reporting and resolution of any security incidents and breaches at third-parties.
  • Assist in the technical provisioning of compliance requests such as data subject access requests.

Role Requirements

  • 5 years' experience in a similar role in third-party or outsourced security assurance.
  • Strong experience of working in a regulated environment, ideally financial services, where third-party vendors are required to conform to high security standards.
  • Experience of the technical aspects of security as well as governance, risk and compliance.
  • Experience of planning and delivering third-party assessments and audits, working with external partners to agree the remediation action plans and tracking progress through to close of findings.
  • Experience with working in partnership with vendor management and procurement functions.
  • A thorough understanding of DORA and the regulatory requirements for managing third-party risk.
  • Ability to work independently and think proactively.
  • Ability to deliver results through collaboration and influencing of internal and external stakeholders.
  • Ability to effectively communicate with all stakeholders, explain third-party risk and advocate for the implementation of required security controls across third-party and outsourced vendor landscapes.
  • Experience of representing the information security function in management forums and periodic vendor review meetings to report on and articulate third-party risk as well as make recommendations to mitigate or close these risks.
  • Good interpersonal, written and verbal communication and engagement skills with experience of engaging with all levels of employees and external partners.
  • Must have high attention to detail; be a self-starter and able to prioritize in a fast-moving, high-pressure, constantly changing environment; high sense of urgency.
  • Be energetic, passionate with a positive attitude.
  • Holder of relevant security certifications (ISC2, ISACA etc.) or equivalent training/experience.
  • Excellent English language skills. French language skills a plus.
  • Periodic overseas travel will be required to deliver on-site assessments and audits.

Location

Dublin. 
Hybrid.

Equal Opportunities Statement

Monument Re Group is an Equal Opportunity employer. Our Corporate values of Trust and Collaboration demonstrate our commitment to fostering an inclusive culture where all our employees feel respected and valued. We recognise that each employee brings their own unique skill sets, capabilities, immutable characteristics, and varied experiences to their work. In turn, the Monument Re Group provides a work environment for all our employees to achieve personal and professional growth and development throughout their careers with us. 
