Global Third-Party Security Review Lead

WHY DENTONS

Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.

ROLE

The role will focus on conducting third-party vendor security assessments and managing supply chain threats from a cyber security perspective. You will assess, track, measure, and report third-party cyber risk across the global organization.

KEY RESPONSIBILITIES & ACCOUNTABILITIES

• Lead the third-party cyber risk management lifecycle, from executing onboarding security reviews to the offboarding of vendors
• Develop an annual calendar of third-party re-assessment cyber security reviews on cyber risk presented to the organization
• Define and introduce into production required third-party security assessments based on services consumed by the organization that will complement current security assessments
• Identify and create appropriate cyber security risk MI across the third-party vendor estate
• Identify and implement improvements in current third-party processes and procedures
• Conduct third-party cyber security assessments and identify controls to mitigate cyber risks to the organizations cyber security posture from vendor relationships
• Follow established third-party cyber security risk management program guidelines to complete the onboarding of third-party vendors
• Collaborate with internal business teams and various risk/compliance subject matter experts to address and/or mitigate identified or potential cyber security risks
• Collaborate with various stakeholder teams to identify and communicate cyber security risk from third-party relationships and drive residual risk to acceptable levels
• Conduct reviews of IS clauses included in third-party contracts to help strengthen legal security posture for the organization
• Design and deliver training and education of staff in third-party risk management processes as needed
• Complete tasks with minimal supervision, in a collaborative, supportive environment
• Perform other cyber security risk duties as needed
• Lead the third-party cyber risk team members
• Supervise and manage junior team members

SKILLS & COMPETENCIES

Technical Skills

• Skilled in the use of Microsoft Office suite
• Fluent in English language – written and verbal

Personal Skills and Attributes

• Strong troubleshooting, reasoning, and problem-solving skills
• The ability to pick up and quickly understand new concepts and technology
• Critical thinking and analytical decision making to discover issues and risks pertaining to third-party risk management
• Team-oriented and skilled in working within a collaborative environment
• Ability to effectively multi-task, prioritize and execute tasks
• Ability to work independently and collaborate with geographically dispersed teams
• A strong work ethic and passion for finding answers
• Strong Client relationships building skills
• Stay current with industry trends in third-party and cyber security risk
• Excellent written and verbal communication, interpersonal and intercultural skills.

EDUCATION, EXPERIENCE & CERTIFICATIONS

• A bachelor’s degree from an accredited college or university
• At least 3- 5 years’ management experience
• 5+ years’ experience as a skilled practitioner in third-party or cyber/IS Risk Management
• Skilled practitioner in identifying cyber security risks in cloud services and providing mitigating controls
• Skilled practitioner in the mitigation and/or remediation of cybersecurity vulnerabilities
• Strong practitioner knowledge of third-party risk strategies and best practices
• Relevant industry certifications e.g., CRISC, CISM, CISA, ISO/IEC 27001 Lead Auditor
• Working knowledge and experience with industry standards and best practice including the ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and NIST Cybersecurity Framework

LANGUAGE CAPABILITIES/INTERNATIONAL EXPERIENCE

We are a truly global law firm and as such, always welcome hearing from those with foreign language capabilities. Additionally, we would be delighted to hear from candidates with a global background including professional experience gained across different geographies.

Work from home