Third Party Assurance Manager

This role encompasses the strategic planning and management of Third-Party Risk ensuring alignment with both industry standards and regulatory expectations. As the Third-Party Assurance Manager you will be supporting the development ongoing maintenance and enhancement of the comprehensive Third-Party Risk Management (TPRM) framework and policies to align with industry best practices regulatory requirements and Wises Enterprise Risk Management framework.

Acting as a specialized Assurance/Audit Specialist focused on evaluating the security posture and data handling compliance of our Third-party providers you will leverage deep technical knowledge of information security controls privacy-by-design principles and audit methodologies. You will ensure compliance with global security frameworks data protection regulations (e.g. GDPR) and industry standards (e.g. SOC 2 ISO 27001) to maintain an assurance program that safeguards company and customer data and ensures the integrity and security of Third-party relationships.

Additionally you will contribute to the wider Third-party risk management strategy and ensure the effective design of Third-party risk controls and processes while also collaborating with the Third-Party Risk team on joint initiatives.

Third Party Risk Assurance Manager Duties and Responsibilities

Strategic Risk Management Alignment

• Collaborate to ensure that Third-Party Assurance strategies are in sync with the organizations overall risk management framework and strategic objectives. This entails working closely with subject matter experts from areas such as Security Privacy and Technology to integrate Third-party risk considerations into the broader organizational risk profile.
• Serve as the primary Information Security and Privacy SME for the Third-Party Risk Assurance function.
• Collaborate extensively with subject matter experts from areas such as Information Security and Privacy teams to integrate specific Third-party security and privacy risk considerations into the organizations broader risk profile and strategic objectives.
• Ensure Third-Party Assurance strategies remain compliant with evolving global security standards (e.g. NIST ISO 27001) and data protection regulations (e.g. GDPR various state/country-specific laws).

Third Party Assurance Planning & Execution

• Conduct comprehensive audits and assessments of Third-party vendors to ensure compliance with company standards regulatory requirements and industry best practices. Create detailed audit reports summarizing findings risks and remediation plans. Collaborate with Third-party vendors to remediate identified risks and track progress until resolution.
• Conduct comprehensive audits and assessments of Third parties specifically focused on their Information Security controls data privacy practices incident response capabilities and adherence to Wises security requirements.
• Evaluate control evidence related to security domains such as access management encryption network security and secure development lifecycle (SDLC).
• Create detailed audit reports summarizing security/privacy findings identifying critical risks and proposing robust remediation plans.
• Collaborate directly with Third parties to drive the remediation of identified security and privacy risks and track progress through to full resolution.

Third Party Assurance Program Enhancement & Development

• Work with the Assurance Lead to mature and evolve the Wises Third-Party Assurance program in alignment with strategic guidance from Wise Leadership and global regulatory expectations.
• Work with the Assurance Lead to continuously mature and evolve the Wises Third-Party Assurance program specifically by enhancing assessment methodologies and control libraries to align with Wise Leadership and global regulatory expectations.
• Incorporate best practices from security assurance frameworks and regulatory guidance into the programs design.

Strategic Oversight and Improvements

• Contribute to strategic oversight and continuously audit current processes to optimise Third-party management processes together with the rest of the TPRM leadership. The goal is to enhance the efficiency and effectiveness of controls identify areas for improvement and develop improvement plans.

Qualifications :

• Proven experience in Information Security and/or Data Privacy within a risk audit or compliance function.
• In-depth knowledge of key Information Security frameworks (e.g. ISO 27001 SOC 2 NIST CSF) and major Data Privacy regulations (e.g. GDPR CCPA etc.).
• Relevant industry certifications such as CISM CISSP CISA or CIPP are highly advantageous.
• Knowledge and experience in managing or overseeing Vendor/Third-Party Audit processes including scoping execution and reporting.
• Excellent verbal and written communication skills for engaging with technical and non-technical stakeholders including Third-party leadership internal security teams and executive leadership.
• Ability to collaborate effectively with a variety of stakeholders across Legal Information Security and Business teams.
• Strong attention to detail and excellent organizational skills especially when managing complex technical evidence.
• Comfortable in a fast-paced environment able to adjust to changing priorities related to security incidents or regulatory shifts.
• Capable of working independently with little supervision while handling multiple tasks and priorities.

Additional Information :

For everyone everywhere. Were people building money without borders  without judgement or prejudice too. We believe teams are strongest when they are diverse equitable and inclusive.

Were proud to have a truly international team and we celebrate our differences.
Inclusive teams help us live our values and make sure every Wiser feels respected empowered to contribute towards our mission and able to progress in their careers.

If you want to find out more about what its like to work at Wise visit .

Keep up to date with life at Wise by following us on LinkedIn and Instagram.

Remote Work :

No

Employment Type :

Full-time