Purpose of the Role
Responsible for executing vendor security assessments and the overall security management of NGA's third-party vendors. The manager will identify, classify, risk-assess and evaluate the TPV's security framework before and after on-boarding. Vendor managers align vendor compliance with department needs and ensure that all vendors, wherever applicable, complete periodic vendor security assessments in a timely manner. Liaises with internal teams to ensure this is completed.
Create, influence, and evolve the processes for vendor security. The end goal is to have a strong vendor assurance discipline infused across NGA and integrated with our company-wide approach. Also maintains a good understanding of various compliance and audit standards in order to identify, assess, research, manage and implement NGA’s Control Framework. Can communicate effectively and persuasively with internal stakeholders, clients, external auditors, client auditors, and business/IT operations.
Duties and Responsibilities
•Maintain relationships with internal partners, external consultants and NGA's suppliers to ensure third-party suppliers are assessed, on-boarded, monitored and off-boarded with appropriate due diligence or security maturity identification.
•Work effectively with parties upstream and downstream of Vendor Onboarding/Third Parties
•Provide security assurance review delivery for critical third-party vendors of NGA
•Conduct assurance activities such as reviewing suppliers' SOC reports.
•Lead the oversight of all supporting activities, including reporting and issue remediation
•Provide leadership as part of a globally facing team to handle and provide supplier data security advice
•Maintain NGA’s Control Framework, report statuses and escalate issues
•Publish vendor security assurance dashboard reports to provide situational awareness and communicate compliance risks to management.
•Assist in documenting and updating, as appropriate, the vendor assurance policy, standards and processes, ensuring these and the risk register are up to date and regularly reviewed.
•Contribute to procedures and processes to standardize and enhance compliance management.