Working within the Global Information Security (GISO) team, this role supports both the regional and global teams with the provision and analysis of insightful, consistent and quality information security data obtained from the wider team, IT partners, third party suppliers and Business Units across the Company. In conjunction, the role will also assess information security risks through knowledge of security threats.
- Provide support in vendor (3rd party) risk assessments, including the delivery of quality inputs/outputs for the meetings and the subsequent follow-up on agreed actions and remediation.
- Provide timely, consistent and fit-for-purpose reporting through the collation and analysis of data from risk assessments, third party suppliers and the SOC, with inputs from the Information Security Leads.
- Maintain current assessments of C&W’s global security posture, particularly with respect to client-related information services, using the associated SIG and SIG-lite questionnaires; such services may include C&W, closely held third party organizations, and third party organizations under long-term agreement.
- Develop standard responses for client security questionnaires, particularly those based on the Shared Assessments methodology, for use in building a scalable response process.
- Collaborate with Service Line organizations in responding to client security questionnaires, using standard answers where possible, and participating in client security audits.
- Support the continuing embedding of the Information Security Risk Framework and processes.
- Ensure information security governance and processes align to the wider programme of information security processes and that they operate effectively.
- Work with the wider Information Security Team to deliver an effective ‘second line of defence’, enabling the Technology function to add value through the delivery of high-quality and timely outcomes to the Business which strengthen security risk and posture.