Third Party Cyber Risk Lead

Job Location: London - UK

Monthly Salary: Not Disclosed
Posted on: 18 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: Third Party Cyber Risk Lead

Reporting to: Cyber Governance Manager

Direct Reports: None

Position Type: Permanent

Why Tokio Marine HCC

Standing still is not an option in the current world of Insurance. TMHCC is one of the world's leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.

About Operations

Operations sits at the heart of TMHCC: we ensure the smooth running of all business processes, from policy administration and claims handling to data, technology and delivery. We focus on driving efficiency, which enables our teams across the business to deliver exceptional results every day. Our value statement: Ops makes it happen.

Operations is made up of 7 functions; this role sits within: IT

We are the foundation for TMHCC's success - enabling the business to grow, compete and innovate through technology, security and solution design. From shaping strategy to delivering resilient operations, we ensure every capability is aligned to business value. Our inclusive and collaborative culture empowers everyone to explore ideas, solve meaningful challenges and build fulfilling careers that make a real impact.

Job Purpose:

Reporting to the Cyber Governance Manager in the Business Information Security Office, you will own and mature TMHCC International's third-party cyber risk management processes, streamlining processes as the vendor landscape grows. You will partner with internal teams such as Procurement and Legal to prioritise risk, remediate issues and deliver clear management information on cyber risk across the third-party portfolio.

Key Responsibilities:

  • Own, manage and evolve the third-party security due diligence process for TMHCC International vendors, including onboarding and continuous monitoring.

  • Establish and maintain a vendor criticality assessment process; ensure the appropriate vendor due diligence and monitoring activities take place in accordance with vendor criticality.

  • Own and maintain ongoing due diligence requirements for critical and high-risk suppliers in line with regulatory expectations, including DORA, NIS2, PRA and FCA requirements etc.

  • Build MI and dashboards to showcase security due diligence and third-party risk management efforts for senior IT stakeholders and executives.

  • Collaborate with IT Procurement and Legal teams to embed third party security risk management controls into the overall vendor risk management process.

  • Ensure compliance with relevant industry regulations and standards (e.g. DORA, NIS2, CIS Controls, NIST, GDPR).

  • Provide security guidance on third party due diligence, contract reviews and other ad-hoc vendor security risk management queries.

  • Create and maintain vendor security risk management documentation (including process documentation) and training materials.

  • Stay current on emerging vendor security trends, tools and technologies.

  • Support the Cyber Governance Manager by providing metrics to the Divisional IT Risk Reporting and Dashboards.

  • Escalate significant cyber risks and issues as they emerge to the Cyber Governance Manager and BISO for action or information.

Performance Objectives:

  • Develop a strong understanding of TMHCC's third party landscape and current organisational controls used within the vendor risk management process, and take on responsibility for cyber third-party risk management.

  • Identify gaps and improvement areas within the cyber third-party risk processes, develop plans to further mature cyber security controls within this area, and own the implementation of these plans going forward.

Skills and Experience Specification:

Essential:

  • Experience in cyber/information security risk roles with a focus on third-party/vendor risk management.

  • Bachelor's degree in information security, Technology Risk Management or a related field.

  • Relevant professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor.

  • Experience in regulated industries implementing relevant regulations and expectations for third-party security risk management.

  • Proven experience designing, running and improving vendor security due diligence processes.

  • Strong knowledge of security assurance certifications and assessments maintained by vendors (e.g. ISO 27001, SOC 2, CSA STAR/CAIQ, vendor security questionnaires).

  • Deep understanding of and ability to articulate the risk associated with vendor risk posture to both technical and non-technical stakeholders.

  • Ability to coordinate and chair regular meetings and workshops with multiple stakeholders to provide guidance, collaboration and oversight of third-party security risk management initiatives.

  • Confidence in presenting information and acting as a source of SME knowledge and guidance.

  • Analytical, conceptual thinking, planning and execution skills.

  • Ability to drive improvements and take charge of initiatives backed with excellent coordination strength as well as assertiveness.

  • Results-orientated and able to manage to measurable targets and desired outcomes.

  • A passion to champion a cyber security culture and continuous learning of latest cyber threat trends.

  • Strong communication skills with the ability to explain complex security issues to non-technical stakeholders.

Desirable:

  • Experience with third party risk management platforms or GRC tooling.

  • Capability and experience in building actionable MI and dashboards (e.g. using Power BI) and turning data into clear decisions and narratives.

  • Experience of the Specialty and Lloyd's/Companies market insurance industry.

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals.

The Tokio Marine HCC Group of companies is an equal opportunity employer. Please visit for more information about our companies.

Key Skills

  • Administrative Skills
  • Facilities Management
  • Biotechnology
  • Creative Production
  • Design And Estimation
  • Architecture

About Company

Specialty Group boasts a product suite that provides coverage for a myriad of needs within the sports, entertainment, travel, and hospitality industries. Our robust portfolio and global presence helps insureds take on incredible challenges without assuming incredible financial risks.
