Security SME – Supplier Assurance Manager

  • Competitive
  • Leeds, England, United Kingdom
  • Permanent, Full time
  • Lloyds Banking Group
  • 17 Jan 19

End Date

31 January 2019

Salary Range

£53,064 - £58,960

Job Description Summary

Provide insightful, high-quality, complex output, advice and guidance, executing control and tailored to senior stakeholder needs, either through managing a team and/or operating as a functional specialist.

Job Description

  • Reporting to the 3rd Party Supplier Assurance Senior Manager, the job holder will manage security (information and cyber) risk in the supply chain on a day-to-day basis through all stages of the supplier lifecycle: supplier selection and on-boarding, ongoing assurance, remediation and end of contract.
  • The key purpose of this role is to support the definition of the cyber security requirements suppliers need to meet and the validation of supplier criticality assessments, and to develop and deliver assurance processes that protect our data and services entrusted to our suppliers.

  • Validate cyber criticality assessments for new and existing suppliers against evolving cyber threats, and maintain an inventory of suppliers based on their cyber risk profile.
  • Review and update cyber security requirements for inclusion in supplier contracts.
  • Maintain and enhance ongoing security assurance controls and processes and guide their implementation.
  • Ensure scoping for supplier assurance reviews is appropriate and includes relevant controls for onsite testing (including production of 3rd party reports e.g. BitSight).
  • Assess suitability of supplier evidence to support the closure of remediation activity.
  • Monitor the security ratings of critical suppliers on a continuous basis, investigating and initiating remedial actions in response to events and alerts.
  • Provide guidance and interpretation of security findings from monitoring and assurance activities, working with relevant internal teams and suppliers as appropriate to ensure successful and timely completion of agreed actions.
  • Support the continuous improvement of cyber security assurance processes and capabilities.
  • Provide SME support to key supplier assurance programmes for example Group Sourcing Programme and GDPR Supplier work stream.
  • Support management of any supplier related cyber incidents through to closure.
  • Support programmes / projects (including Group Transformation) where suppliers are supporting newly acquired / outside activities.
  • Deputise for 3rd Party Supplier Assurance Senior Manager as and when appropriate.

  • Proven experience of managing information / cyber security supplier assurance in large corporate organisations
  • Strong awareness of cyber threats and their mitigations
  • Monitoring compliance with policy and standards, particularly ISO 27001, other external attestations (SOC1, PCI DSS) and NIST Cyber Security Framework
  • Strong risk management practices
  • Good stakeholder management skills
  • Experience of conducting governance and oversight activities
  • Experience of 3rd party supplier E2E assurance processes
  • Experience in 3rd party supplier management and supplier on-boarding processes
  • Experience with security monitoring tools such as BitSight, RiskRecon, etc.

At Lloyds Banking Group, we're driven by a clear purpose: to help Britain prosper. Across the Group, our colleagues are focused on making a difference to customers, businesses and communities. With us you'll have a key role to play in shaping the financial services of the future, whilst the scale and reach of our Group means you'll have many opportunities to learn, grow and develop.

We're focused on creating a values-led culture and are committed to building a workforce which reflects the diversity of the customers and communities we serve. Together we're building a truly inclusive workplace where all of our colleagues have the opportunity to make a real difference.