Senior Analyst - Third Party Technology Cyber Risk
Senior Analyst - Third Party Technology Cyber Risk
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
The Senior Analyst Third Party Technology & Cyber Risk role is part of the Technology & Cyber Risk function within the Technology Business Unit. This role will support the manager in aligning to the strategy and of third party technology risk management third party cyber security management ensuring relevant technology and cyber clauses within the contractual management process and overall governance of technology third parties. This role is responsible for adhering to and identifying improvements to relevant frameworks policies practices and controls to maintain the risk posture within the appetite.
Key Responsibilities:
- Adhere to the Third Party Risk Management Policy and Third Party Technology & Cyber Risk Management Framework and support the delivery of associated strategy target state roadmap and supporting processes and procedures.
- Conduct indepth risk assessments and due diligence on potential and existing third parties (including material service providers) to identify risks and compliance gaps in accordance with CPS 230 and CPS 234.
- Conduct assurance on third party owned technology and cyber controls to ensure adherence to regulatory requirements internal policies and procedures.
- Engage third parties in relation to noncompliance potential issues and/or incidents identified. Develop a plan in consultation with the business and third parties to remediate and ensure corrective actions are tracked to completion.
- Establish and maintain the governance structure for ongoing management of third party relationships including regular performance and compliance reviews.
- Collaborate with all technology teams to embed effective vendor management practices aligned to the TAL Procurement Procedure and Vendor Management Model.
- Identifying potential areas for improvement for third party governance enhancement and upgrade by maintaining a good working knowledge of all services provided to TAL Business Units.
- Collaborate with the Cyber Threat Management function and engage material and high risk third parties to determine their exposure to critical and actively exploited externalfacing vulnerabilities as well as their security posture against emerging attacker tactics and techniques.
- Assist with assurance and compliance activities to demonstrate the effectiveness of Third Party Technology & Cyber Risk Management function. Address the corrective actions and resolve gaps identified during the assurance and compliance activities.
- Support and assist with the negotiation implementation and management of technology and cyber clauses in the third party contracts with TAL Legal. Uplift technology and cyber clauses in the contractual terms in line with regulatory and threat environment changes as needed.
- Monitor and report on third party compliance with technology and security requirements as well as their performance against contracts and coordinate the corrective action as needed. Prepare datadriven insights to make more informed decisions.
- Stay abreast of regulatory changes and industry best practices related to Third Party Technology and Cyber Risk management to ensure the policies and procedures are uptodate.
- Develop and deliver training to internal stakeholders on Third Party Technology & Cyber Risk Management practices.
- Collaborate with crossfunctional teams including Technology Risk (Line 2 Audit Legal Compliance and Procurement to ensure a cohesive and integrated approach to Third Party Technology & Cyber Risk Management.
- Support delivery of TAL Cyber Security Report and independent assurance requirements to Group Partners to demonstrate effective assurance over TALs technology and cyber control environment on an annual basis. Lead the activities required to complete the Report or review including but not limited to engaging various parts of Technology and the wider Business Units collecting supporting evidence leading interviews/workshops with the independent assessor.
- Respond to technology risk and cyber security related questions raised by Group Partners through the Business Units on an ongoing basis and attend periodic governance meetings with the Group Partners as a representative of Technology & Cyber Risk function.
- Support the RFI/RFP activities led by the Business Units on behalf of Technology & Cyber Risk function.
Qualifications :
- Bachelors degree in Business Finance Information Technology or a related field. Relevant professional certifications (e.g. CISM CRISC CISSP) is a plus.
- Minimum of 2 years of experience in Third Party Risk Management Technology Risk Cyber Security or a related field with proven experience of supporting implementing and managing third party risk management programs.
- Strong understanding of regulatory compliance standards relevant to thirdparty risk and security (e.g. APRA CPS234 / CPS230 SOX ISO 27001 NIST CSF Privacy Act SOCI etc..
- Strong communication skills with the ability to translate risk into business impact.
- Selfstarter with strong organisational skills in a highly adaptive and a fast paced environment.
- Customer oriented mindset and ability to apply collaborative approach to achieving business outcomes.
- Thinker and doer with a pragmatic approach to make decisions and at the same time focused on outcomes.
Additional Information :
At TAL we value diversity in all its forms and are committed to fostering an inclusive and equitable culture for all our people. We encourage Aboriginal and Torres Strait Islander people individuals from all backgrounds including those with caring responsibilities people living with disability and individuals from the CALD and LGBTQI communities to apply. Even if you dont check every box in the criteria above we encourage you to apply today or get in touch with us here.
To provide you with the best experience we can accommodate you at any stage of the recruitment process. Simply inform our Recruitment team at any time.
TAL is recognised by the Workplace Gender Equality Agency as an Employer of Choice. We are proud to be a member of Diversity Council Australia and the Australian Network on Disability. For information on our reconciliation journey please read our Innovate Reconciliation Action Plan.
We acknowledge the Traditional Custodians of the Land in which our Head Office is based the land of the Gadigal people of the Eora Nation and recognise their deep connections to the land sea and culture.
We extend this acknowledgment to the many Traditional Lands that we operate across and pay our respects to Elders past present and emerging
Everyone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyones responsibility.
If you are already a TAL employee please apply via the SmartRecruiters button in Workday and navigate to the Employee Portal. This is important to ensure that your application is recorded accurately.
Remote Work :
No
Employment Type :
Fulltime
Employment Type
Full-time
