Third-party Information Security Risk and Compliance Analyst

Roles and Responsibilities

• Conduct comprehensive audits of third-party information security policies, procedures, and controls.
• Participate in contract negotiations concerning the third-party information security annex.
• Lead online and in-person meetings with third parties.
• Analyse submitted security questionnaires and documentation to identify and assess potential vulnerabilities and risks. Raise issues promptly and provide mitigation options based on security issues identified.
• Prepare detailed risk assessment reports for senior leadership, providing insights and recommendations for third-party risk reduction.
• Contribute to the continuous improvement of the team's processes based on experience in third-party risk assessment, industry best practices, and internal policies and frameworks.
• Produce clear and structured documentation of processes, meetings, and other relevant activities.
• Initiate and lead improvement projects aimed at enhancing the efficiency and effectiveness of the Vendor Risk Management team.
• Collaborate with other sections within the company to ensure alignment of processes.
• Stay up-to-date with emerging technologies, threats, vulnerabilities, and industry best practices.
• 2+ years experience in third/party risk management, information security risk management, compliance, or a background in cybersecurity.
• Familiarity with information security processes, including risk assessment, vulnerability management, and incident response.
• Understanding of regulatory requirements (e.g. GDPR, NIS2, DORA)
• Proficiency in risk management, cybersecurity control frameworks and standards (e.g. NIST RMF, ISO 27001, ISO 28000, CyFun, CCM)
• Excellent analytical and problem-solving skills, with the ability to interpret complex risk data and make informed decisions.
• Attention to detail.
• Strong written and verbal communication skills in English, capability to articulate complex risk concepts to technical and non-technical audiences.
• Capable of conducting professional business communications and effectively handling information security aspects of contract negotiations.

• Experience in aligning team processes with broader organizational goals.
• Proven ability to initiate and drive projects.
• A collaborative mindset and a positive attitude towards working with a diverse team.
• Relevant certifications such as CISA, CISSP, CISM, ISO/IEC 27001Lead Implementer/Auditor, ISO/IEC 28000 Lead Implementer/Auditor, Security+.
• Advanced knowledge of Microsoft Office Suite (Word, Excel, PowerPoint, Outlook) to create professional documentation, presentations, dashboards, prepare statistics calculations, and optimize workflows.
• Knowledge of emerging technologies and their associated risks, especially in AI and cloud computing.
• Experience of using a Governance, Risk, and Compliance (GRC) tool.
• Proficiency in English.

Experience in the telecommunication domain.