Information Security Consultant - Third party Risk - dh internal

Listing Description

Key Responsibilities



  • Manage and assess a portfolio of third parties in line with dunnhumby’s Third Party Assurance framework and information security standards, ensuring each step is completed within SLA

  • Work with third parties to review technical and governance controls and identify weaknesses / non-compliance as control gaps

  • Track and manage gaps and risks both internal and at third parties through to remediation

  • Maintain an up-to-date record of third parties that provide services to dunnhumby

  • Assist in overseeing risk mitigations involving both third parties and internal stakeholders

  • Validate risk rating of new and existing third parties through the Business Impact Assessments

  • Support the continuous improvement of the Third Party Assurance and risk management processes

  • Undertake third party site visits to validate the status of vendor controls

  • Be the central point of contact for queries related to third party assurance

  • Build and manage stakeholder relationships with the business and third parties

  • Coordinate and deliver risk and metrics reporting, with guidance and recommendations, to enable senior business owners to make the most appropriate risk decisions relating to the use of suppliers

  • Provide an assurance and advisory role to dunnhumby’s internal teams on the implications of IT and data security for dunnhumby

  • Consult with internal technical teams relating to third party controls

  • Monitor on-going compliance of suppliers within set schedules depending on their risk profile


Qualifications and Experience



  • CISSP, CISA, CISM, Master’s degree or equivalent in Information Security

  • Risk Management

  • Experience with information security standards and risk frameworks such as NIST/ISO27000/ISO31000/PCI-DSS

  • Information and Cyber Security best practices

  • Stakeholder management

  • IT Systems Auditing


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided
  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.
