Third-Party Security Senior Specialist

Job Description

Live to challenge the status quo. Live a life more Virgin.Our Team As a Third-Party Security Senior Specialist, you will become part of the dynamic Third-Party Security Team within the Technology Operations & Cyber Security (TOCS) - Cyber Cluster. The Cyber landscape is constantly evolving, and with this so too aresecurity threats and risks. You will have an important role in keeping the Bank safe and protecting the confidentiality, integrity and availability of our data through assessing all Third-Party relationships and services and providing Cyber risk expertiseto Business and Technical stakeholders at all levels. You will take a leading role in ensuring that Third Party security controls are delivered in line with business risk appetite.If you like a fast-paced role that will challenge you, then you may have just found it! Were looking for self-motivated enthusiastic individuals, who have a real passion for cyber security, and are ready to make a real difference to a successful team.What youll be doing…

• Understanding the scope of services being procured by colleagues across the business and identifying where Third Parties will be accessing, processing, storing or transmitting confidential/sensitive Virgin Money (VM) information
• Carrying out comprehensive assessments of Third Party Vendors and their control environments to ensure there are no control deficiencies that could negatively impact the confidentiality, availability and integrity of VM data
• Making recommendations against Third Party Security risks that may sit outside of VMs risk appetite and ensuring timely remediation
• Ensuring security language is agreed in all contracts to hold third parties accountable for maintaining a high level of security
• Carrying out Third Party onsite assurance audits for highest risk Third Parties to validate that controls continue to operate effectively
• Execute offboarding activities for any Third Party services that are being terminated ensuring information, data and assets are retrieved
• Supporting Third Party transformation activities to automate and improve team processes

We need you to have…

• Extensive experience of working in Third Party Security risk/assurance/audit roles.
• Experience in leading change and delivering 3rd party/Supply chain security transformation activities covering people, process and technology
• Experience of assessing Third Party security practices, identifying control weaknesses, making recommendations for improvement and managing remediation activities
• Experience of negotiating Information Security contract language and clauses
• Experience of carrying out Onsite 3rd Party Audits/Control testing activities
• Experience of Cybersecurity frameworks e.g. ISO27001, SOC2, NIST
• Understanding of Cloud Models & Security - IaaS/PaaS/SaaS, Data protection, Network Security, Identity & Access management, compliance & auditing

Its a bonus if you have but not essential…

• Experience in using Third Party Security Intelligence platforms using tools such as Security Scorecard, Recorded Future, Prevalent etc.
• Experience in supporting 3rd Party Information Security Incidents
• Knowledge and understanding of Microsoft technology - Microsoft Azure, Microsoft Defender, Azure Sentinel, PowerBI.

Red Hot Rewards

• Generous holidays - 38.5 days annual leave (including bank holidays and prorated if Part-Time) plus the option to buy more
• Up to five extra paid well-being days per year
• 20 weeks paid, gender-neutral family leave (52 weeks in total) for expectant parents and those looking to adopt
• Market-leading pension
• Free private medical cover, income protection and life assurance
• Flexible benefits include Cycle to Work, wellness and health assessments, and critical illness
• Ability to work anywhere in the UK (where the role allows)

And theres no waiting around, youll enjoy these benefits from day one.Feeling insatiably curious about this role Apply as soon as you can. If were lucky to receive a lot of interest, we may close the advert early and would hate you to miss out.Were all about helping you Live a Life More Virgin, so happy to talk flexible working with you.Say hello to Virgin MoneyWere making great strides towards achieving our ambition of becoming the UKs best digital bank. As a full-service digital bank with a heritage stretching back over 180 years, we`re a workforce to be reckoned with. Were putting the full power ofour experience behind disruptive ideas that reinvent the role a bank plays in peoples lives. We strive to create positive experiences for our millions of customers and our purpose, Making You Happier About Money, underpins everything we do. We believe indoing banking differently, innovating and working together to make a real difference. Join us and Live a Life More Virgin that empowers you with choice and flexibility in how you work.Be yourself at Virgin MoneyWere committed to creating an inclusive culture where colleagues feel safe and inspired to contribute, speak up and be heard. As a Disability Confident Leader, were committed to removing any obstacles to inclusion. If you need any reasonable adjustments or support making your application, contact our Talent Acquisition team Now the legal bitLiving A Life More Virgin allows our colleagues to be based anywhere in the UK (if the role allows it), but well need you to confirm you have the right to work in the UK.If youre successful in securing a role with us, there are some checks you need to complete before starting. These include credit and criminal record checks and three years worth of satisfactory references. If the role is part of the Senior Manager Regimeand Certification Regime, it requires enhanced pre-employment checks - well ask for six years of regulatory references, and once in the role, youll be subject to periodic employment checks.