The Third-Party Security Assessor undertakes general Third-Party Security reviews. There are three major aspects to this position:
- Conducting reviews of NEW Third-Party entities (Supplier, Reseller, Joint Ventures) - identifying areas of conformance and non-conformance to Experian requirements; driving security contract language and inputs into the Risk Management Process.
- Conducting reviews of EXISTING Third-Party entities (Supplier, Reseller, Joint Ventures) - identifying areas of conformance and non-conformance to Experian requirements and inputs into the Risk Management Process.
- Supporting the Global Head of Third-Party Security to continuously improve the local Third-Party Security (TPS) Management System and ensure that it meets local regulatory, policy and business requirements.
Primary Responsibilities
- Update the Third-Party inventory and program within the region.
- Perform security assessments for new and existing Third Parties using the Third-Party Security Framework.
- Support the development and improvement of the TPS program.
- Provide on-demand consultancy to other teams within Information Security, Governance and the Business to assist in improving the security posture of third-party organisations.
- Partner with the regional TPS team, regional indirect sales and procurement to ensure procedures meet regional requirements / operating practices.
- Identify information security deficiencies, risks and exceptions to appropriate parties as soon as possible. Ensure 1LoD ownership and ensure non-compliance issues, exception justification, mitigation controls and risks are appropriately captured.
- Work with RISOs and other GSOs governance functions - assist and / or drive remediation activities in order to mitigate security deficiencies identified.
- Support the development of statistical reports on compliance deficiency trends and violations.