Director of Third Party Risk Management

Job Title: Information Security 3rd Party Supplier Relationship Director

Location: London

Job Type: Full-Time Freelancer

Job Summary: We are seeking a highly skilled and experienced Information Security 3rd Party Supplier Relationship Director to oversee and manage our organization's relationships with third-party suppliers in the insurance industry. The ideal candidate will ensure that all third-party vendors meet our stringent information security standards and comply with applicable regulations. This position requires strong leadership, strategic thinking, and the ability to effectively communicate with internal stakeholders and external partners.

1. Supplier Risk Management: Develop and implement a comprehensive supplier risk management framework that assesses the information security posture of third-party vendors. Conduct regular risk assessments and due diligence reviews of potential and existing suppliers.
2. Policy Development: Create and enforce information security policies and procedures related to third-party engagements, ensuring alignment with industry standards and regulatory requirements.
3. Vendor Evaluation and Selection: Collaborate with procurement and business units to evaluate and select suppliers based on information security criteria. Lead the information security assessment process for new vendors.
4. Contract Management: Review and negotiate contracts with third-party suppliers to ensure that security-related clauses and requirements are included. Work with legal teams to mitigate legal risks associated with third-party relationships.
5. Monitoring and Reporting: Establish metrics for assessing vendor performance and compliance with information security requirements. Monitor and report on third-party supplier security incidents and breaches.
6. Stakeholder Engagement: Serve as the primary point of contact for internal stakeholders regarding third-party information security issues. Communicate effectively with business units to ensure alignment on security objectives and requirements.
7. Training and Awareness: Develop and deliver training programs for employees regarding third-party risk management and information security best practices.
8. Incident Response: Coordinate incident response activities related to third-party suppliers, ensuring timely communication and remediation efforts.
9. Continuous Improvement: Stay updated on industry trends, threats, and regulatory changes that impact third-party risk management and information security. Continuously improve processes to enhance security posture.

1. Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field; master's degree is a plus.
2. Minimum of 10 years of experience in information security, risk management, or compliance, with a focus on third-party supplier management.
3. In-depth knowledge of information security frameworks (e.g., NIST, ISO 27001) and regulatory requirements specific to the insurance industry (e.g., GLBA, HIPAA).
4. Strong analytical, problem-solving, and decision-making skills with a keen attention to detail.
5. Excellent interpersonal and communication skills, with the ability to build strong relationships with vendors and internal stakeholders.
6. Experience with security assessment tools and vendor management platforms is preferred.
7. Relevant certifications (e.g., CISSP, CISM, CRISC, or equivalent) are highly desirable.

1. Ability to work independently and collaboratively in a fast-paced environment.
2. Willingness to travel occasionally for vendor assessments and meetings.
3. Understanding of the insurance industry's specific challenges related to information security and third-party risk management.