Third Party Assurance Analyst in Leeds

The primary role of the third party security assurance team is to provide the firm with a view of its supply chain security risks and help manage them.

The Third Party Security Assurance Analyst will work closely with suppliers and key internal stakeholders to support supply chain security risk identification and risk management process across all aspects of Information Security third party assurance.

This role supports the firm’s supplier security assurance activities across the international firm.

MAIN DUTIES AND RESPONSIBILITIES 

The wider Information Security Team is responsible for ensuring compliance with information security controls, management policies and procedures that are a core component of the firm’s ISO 27001 certification.

The key areas of responsibility are (but not limited to):

• Performing third party/Supplier risk assessments across software and hardware platforms, both on premise and cloud hosted;
• Coordinate all aspects of issue tracking and remediation processes, as a result of supplier risk assessments;
• Clearly document and define risks and potential impacts including any mitigation proposals and recommendations, providing challenge where needed;
• Ensure suppliers are reviewed throughout their lifecycle from onboarding, through ongoing reviews and off boarding;
• Support decision-making and approvals around third party assurance and preparation of key documentation and reports;
• Assist in the development, maintenance and implementation of tools and processes to streamline Information Security Supplier Assurance and continuous improvement activities;
• Develop and maintain an on-going relationships with control owners and support key stakeholders including Information Security, IT, Data Privacy, Procurement, business services and third parties.

ABOUT YOU

• At least 1 to 2 years experience of conducting third party supplier security assurance reviews.
• Identification and management of Information security risks and recommending mitigation plans.
• Understanding of security control frameworks including ISO27001
• Writing policies/procedures or other compliance documentation.
• Understanding of core IT infrastructure technologies and concepts.
• Knowledge of data privacy requirements for IT and Information Security.
• Experience of information & security risk management.

The ideal candidate should have excellent soft skills and understand how to communicate within a large organisation and with staff within the business. Experience in the security industry is a must and a good breadth of security knowledge is essential.

The ideal candidate may hold security certifications such as CISA, ISO27001 Lead Auditor with other security certifications being beneficial.  A good understanding of IT systems and security technologies is required.

The following characteristics are essential:

• Strategic Perspective – Keeping organisational objectives and strategies in mind, and ensuring courses of action are aligned with the strategic context.
• Influence, Persuasion and Personal Impact – Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority.
• Interacting with People – Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences.
• Flexibility – Taking account of new information or changed circumstances and/or business requirements and modifying response to a problem or situation accordingly.
• Commercial Orientation – Understanding commercial considerations and ensuring alignment with them when making decisions or recommending actions.
• Initiative – Being proactive, anticipating opportunities for systems, service or product improvement or development and taking appropriate action(s).
• Persistence – Meeting targets, acting and/or fulfilling agreements even when adverse circumstances prevail.
• Organisational Awareness – Understanding the hierarchy and culture of own, customer, supplier and partner organisations.

Key Relationships:

• IT and Security Architects, Project Managers, Engineers and Analysts
• IT Managers
• Service owners
• Broader Risk and Compliance functions
• Data Privacy
• Procurement

ABOUT US

DLA Piper is a global law firm with lawyers and business service professionals located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific. Our global reach ensures that we can help businesses with their legal needs anywhere in the world. We strive to be the leading global business law firm by delivering quality, service excellence and value to our clients and offering practical and innovative legal solutions to help them succeed. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies, as well as government and public sector bodies.

OUR VALUES

In everything we do connected with our People, our Clients and our Communities, we live by these values:

• Be Supportive – we are compassionate and inclusive, valuing diversity and acting thoughtfully
• Be Collaborative – we are proactive, passionate team players investing in our relationships
• Be Bold – we are fearless and inquisitive, challenging ourselves to think big and find creative new solutions
• Be Exceptional – we are strategic and driven, exceeding standards and expectations

DIVERSITY AND INCLUSION

At DLA Piper, diversity and inclusion underpins how we live our values and everything we do. We believe that everyone has a voice, and that everyone’s voice counts. We know that the rich diversity across our firm makes us stronger, more innovative and creative, which helps us to better serve our clients and communities. We are committed to providing an inclusive working environment and culture across our global firm, where everyone can bring their authentic self to work.

Diversity of perspective, thought, background and culture combine to make us the leading global law firm; that’s why we actively seek to build balanced teams. We welcome the unique contribution that you will bring to our firm and actively encourage applications from all talented people – however your talent is packaged, whatever your background or circumstance and regardless of how you identify.

HYBRID WORKING

We recognise that people have responsibilities and interests outside of their career and that as a business, we all benefit from working flexibly. That’s why we are open to discussing with candidates the different ways in which we are able to support requests for agile working arrangements.

PRE-ENGAGEMENT SCREENING

In the event that we make an offer to you, and where local legislation permits and where relevant, we will conduct pre-engagement screening checks that may include but are not limited to your professional and academic qualifications, your eligibility to work in the relevant jurisdiction, any criminal records, your financial stability and work-related references.

4627 | United Kingdom | Birmingham | Leeds | Liverpool | London | Sheffield

Apply