Third Party Security Specialist

Job Description:

Dentsu is the network designed for what’s next, helping clients predict and plan for disruptive future opportunities and create new paths to growth in the sustainable economy. Taking a people-centered approach to business transformation, we use insights to connect brand, content, commerce and experience, underpinned by modern creativity.

Dentsu Security are responsible for the scope and delivery of both cyber security and business continuity activities that cover every one of our dentsu offices located across 145 countries globally. 

Joining our Technology & Security Governance, Risk & Compliance function, you will be reporting directly to the Head of Third Party Security, performing a key role within an expanding Global Third Party Security team. The successful candidate will build upon their existing information security and/or third party risk management experience supporting the Third Party Security function in establishing relationships with both internal stakeholders and suppliers across the global network to ensure that third parties are assessed, on-boarded, monitored and off-boarded with appropriate due diligence.

This role is hybrid, working remotely and in the office. The role is open to candidates based in Kuala Lumpur (Malaysia) or India.

Responsibilities

• Conduct security risk and control assessments against technology and business third parties – at a global, practice area and market level.

• Develop relationships with business third party relationship owners through onboarding processes.

• Engage directly with suppliers through onboarding processes and as required through continuous monitoring.

• Track control remediation to ensure third parties respond and deliver within the agreed timeframes.

• Collaborate with key third party risk management stakeholders including procurement, legal, and data privacy functions.

• Maintaining risk and control assessment schedules using the enterprise strategic Vendor Risk Management platform.

• Support internal TPSA activities and drive improvement of existing processes.

• Develop and maintain reporting to effectively monitor and measure control effectiveness and business performance for managing third party risk.

• Ensure processes and procedures are documented and reviewed on a continual basis.

• Support and influence continuous improvement across third party security and the wider Security team including GRC, Cyber Security, Client Security, Security Architecture and Security Programme teams.

Candidate Profile

• Experience of security compliance initiatives within an enterprise technology environment such as ISO27001, NIST, CIS, PCI DSS, Cyber Essentials.

• Knowledge of all domains within security covering people, process and technology.

• Experience of third party security risk management and assurance within a medium or large-sized organisation.

• Experience in third party risk and control assessment for IaaS, PaaS, SaaS cloud service providers.

• Ability to explain technical complex concepts to non-technical audiences.

• Experienced with IT assurance functions and auditing techniques.

• Experience of Cyber Security Rating Platforms (desirable).

• Experience in using Vendor Risk Management assessment platforms (desirable).

• Experience in using Microsoft Excel, Microsoft Forms, Microsoft PowerBi.

• Is demonstrably self-motivated, pro-active, action orientated to achieve deadlines.

• Interest in their own personal development within both TPSA and other Security functions.

• Proactive development of trending knowledge and skills within information security community.

• Achieved or working towards an information security qualification (CISSP, CRISC) (desirable, but not essential).

• Experience in developing and administering SharePoint environments (desirable but not essential).

#LI-EY1

#LI-HYBRID

Location:

Brand:

Time Type:

Contract Type: