Ideas | People | Trust
We're BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today's changing world.
We work with the companies that are Britain's economic engine - ambitious, entrepreneurially-spirited and high-growth businesses that fuel the economy - and directly advise the owners and management teams leading them.
Role Purpose
The Third Party Security Analyst (Manager grade) is responsible for implementation of the BDO third party security framework. This includes assessing the information security risks of our 3rd parties, by evaluating the 3rd parties' security controls and ensuring supplier and supply chain information security risks to BDO and BDO client services are identified, assessed and managed.
This role reports to the Information Security Manager.
Principal Accountabilities
- Leads in the execution and continuous improvement of the information security supply chain framework.
- Coordinates the BDO supplier and supply chain information security due diligence and supplier risk assessment framework.
- Supports risk-based planning for supplier information security due diligence and risk assessment activities.
- Partners with procurement, contract management and other key stakeholders to ensure the end-to-end third-party processes consider information security.
- Coordinates the gathering of vendor risk assessment data and prepares risk assessments for vendors.
- Understands and applies relevant regulatory and legal compliance requirements.
- Assesses vendor risks against BDO contractual requirements and controls.
- Conducts due diligence and assessments of third-party security controls and posture.
- Coordinates the identification and ranking of vendor risks.
- Communicates identified risk requirements to internal stakeholders.
- Builds communication and escalation plans around vendor risk management activities.
- Tracks identified risks and risk events through the supplier lifecycle.
- Reports on activities related to third party supplier assurance as required.
- Supports review and continual improvement of information security supplier due diligence and risk assessment procedures.
Knowledge and Experience
- Demonstrable experience with supplier and supply chain due diligence frameworks.
- Experience of supplier information security risk management at all stages of the supplier lifecycle.
- Experience with business service, system and data architectures.
- Experience of information security audit and assurance.
- Familiarity with formal information security frameworks and certifications.
- Excellent verbal, written and interpersonal communication skills.
- Excellent stakeholder engagement and management experience.
- Self-motivated with keen attention to detail.
- A relevant industry certification such as CISSP, CISM, CRISC or equivalent.
NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post.
You'll be able to be yourself; we'll recognise and value you for who you are and celebrate and reward your contributions to our business.
At BDO, we'll help you achieve your personal goals and career ambitions.
We're looking forward to the future
At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy.
Our success is powered by our people, which is why we're always finding new ways to invest in you.