
Information Security Supplier Review Manager



Dublin | Ireland

Description of Business Unit

This role is part of the Bank of Ireland Group Information Security function led by the BoI Chief Information Security Officer.

The Group Information Security function is responsible for the management of the Bank's risk around the confidentiality, integrity and availability of information across the Bank's activities.

This role reports to the Head of Information Risk Management and has responsibility for the delivery of Information Security reviews of 3rd party suppliers to the Bank.

Purpose of the Role:

This role is responsible for managing the delivery of 3rd Party Security reviews, the prioritisation of demand for reviews and the on-going enhancement of the Security review methodology. This role supports the Bank's outsourcing model and the achievement of the business objectives in a secure manner. It reviews Information Security Risks associated with each 3rd Party's services in terms of the people, processes and technology used to safeguard the integrity, availability and confidentiality of this information in accordance with the Bank's operating model and risk appetite. This role works closely with Group Procurement and the supplier relationship managers across the Group, as well as colleagues in the other teams in the Information Security function.

Key Responsibilities:

  • Define and communicate the supplier security review services to key stakeholders and the wider BOI Group.
  • Support business stakeholders in mapping supplier control gaps to business risk and advise on potential solutions.
  • Work with stakeholders across the Group to integrate security review services with existing risk, procurement and due diligence activities.
  • Ongoing service design/definition to meet GIS and group challenges, risk appetite and information security threat scape.
  • Lead and develop the Security supplier review team.
  • Manage the request pipeline and dissemination of work coming into the team and ensure work is appropriately resourced and prioritized.
  • The role holder will ensure workload delivery is in line with agreed business and departmental SLA and KPIs; service performance monitoring, reporting and improvement and team development.
  • Manage service delivery and escalation.
  • Develop and enhance the security review methodology.
  • Facilitation of kick-off/context meetings with stakeholders
  • Co-ordination of and attendance at evidence gathering workshops (i.e. web collaboration sessions, supplier site visits etc.)
  • Ensure quality review of security review assessments performed by the team

Essential Qualifications:

  • Degree qualification
  • Experience with risk management practices including risk identification, assessment, documentation and control design.
  • Good understanding of IT Infrastructure and technology platforms.
  • Strong knowledge of IT Security/Information Security/Cyber Security principles and risks.

Essential Skills and Experience:

  • Working knowledge of information/IT security principles
  • Familiarity with ISO27001, ISO27002
  • Strong interpersonal and business engagement skills
  • Experience in team leading and mentoring
Closing date: May 30, 2018
