IT Security TPSRM

About This Opportunity

We are seeking a team member in our IT Security Third Party Security Risk Management team to enhance our BA, MA, and Group Functions adherence to internal IT Security regulations more efficiently. This individual contributor role will articulate ISMS controls and compliance through the "10 Commandments" and dashboards. The role involves conducting assurance reviews and, when necessary, implementing ISMS compliance across Ericsson s global IT environment. We are looking for a highly skilled security professional with an audit background. The ideal candidate will foster a collaborative and professional atmosphere while maintaining high standards.

What You Will Do

Understand the end-to-end third-party risk management lifecycle. Develop, manage and improve third-party risk management monitoring and reporting process that tracks third-party risks. Contribute to the development of policies focused on the security of third-party business processes. Develop and maintain supplier risk and control monitoring plans, performing monitoring activities and analyzing evidence to ensure controls are effective. Assist in the development and execution of category/supplier strategies. Collaborate with stakeholders to address supply chain security. Supervise and conduct supplier security audits in alignment with company security policies and industry standards. Perform on-site assessments of vendors to identify opportunities for improvement. Utilize analytics to compile and synthesize data, making informed recommendations to assess and mitigate risk exposure, guiding business decisions. Establish and deliver metrics in a robust, validated, consistent, and repeatable process. Ensure data accuracy and integrity through established processes and controls. Build relationships and influence the behavior of internal teams and external parties. Complete monitoring and control tasks triggered by supplier tier and third-party interaction models. Collaborate with business stakeholders to achieve year-over-year cost savings with managed third-party relationships. Partner with stakeholders on IT Security contract negotiations for all managed third-party relationships.

You Will Bring

Minimum of seven years of experience in developing and maintaining global vendor risk management programs.
Preferred certifications: CISSP, CISM, CISA, or CRISC. Strong understanding of information technology and security solutions. Monitor and ensure successful delivery against third-party contractual obligations. Assist in the development and monitoring of SLAs or key performance indicators for third-party relationships.