Information Security Third Party Analyst

Beazley Management Limited

Salary Not Specified

Beazley Management Limited, Birmingham

  • Full time
  • Permanent
  • Onsite working

Posted 1 week ago, 7 Jul

Closing date: not specified

Job Ref: 40a1252ea37141ff9f5662d826679706

Full Job Description

Job Summary: Assist the global information/cyber security and privacy function in the delivery of the company's information/cyber security and privacy programmes.

Responsibilities of this role will include, but are not limited to:

  • Assist the development of the third party assurance and risk management operations of the information security function within the CISO office.

  • Ensure that the day to day operations of the third party assurance and risk management function run smoothly and effectively, that standards for assessments are clearly defined and documented, and that risk events from third parties are identified and clearly communicated, managing up to the head of information security and the CISO where necessary.

  • Manage the life cycle of security assurance requirements for Beazley's third parties.

  • Ensure the controls around third party assurance and risk are working effectively, highlighting to the head of information security when there are any issues.

  • Effectively manage the third party assurance and risk controls for Beazley.

  • Act as a source of technical expertise, providing advice and guidance on third party assurance and risk across the business.

  • Support the investigation of third party incidents, documenting risk events and impacts from third party cyber events and ensuring timely reporting of these to the head of information security and the CISO where necessary.

  • Build strong relationships with internal teams across the business to facilitate their third party assurance needs.

  • Support the development of third party assurance and risk strategy, driving delivery through your day to day work.

  • Support the development and implementation of information/cyber security and third party policies, guidelines and processes.

  • Support the development and delivery of third party assurance training for the business.

  • Provide training to employees, marketing partners, or other third parties, ensuring proper information handling in accordance with policies and procedures.

  • Ensure that the third party assurance and risk policies, procedures, standards and agreements meet the group's requirements against legislation and regulation - supporting the updating of policies as required.


General:

  • As normal in an IT operational environment, projects and problems may demand evening and weekend working. This will be scheduled in advance as far as possible.

  • Adopt the Beazley culture of Professionalism, Integrity, Effectiveness and Dynamic attitude that contribute to an internal environment of teamwork and promote a positive brand image to our external customers.

  • Comply with Beazley procedures, policies and regulations relevant to your role. Undertake relevant training on Beazley policies and procedures as delivered by your line manager, the Talent Management development or assurance teams (compliance, risk, and internal audit) either directly, via e-learning or the learning management system.

  • Comply with any specific responsibilities necessary for your role as outlined by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas. This may include, amongst others, Beazley's underwriting control standards, and Beazley's claims control standards, other Beazley standards and customer relationship management.

  • Ensure that you uphold the Beazley principle of Treating Customers Fairly.

  • Ensure that you uphold the ingredients of Being Beazley - Expert, Deliver, Friendly, Honourable, Creative, Passionate and Bold.

  • Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system. These may include, among others, European Strategy Team, US Management team or membership of any Beazley committees.

Degree level education, or equivalent work experience.


Skills and Abilities:

  • Excellent communication skills.

  • The ability to prioritise work and deliver results in a pressurised environment.

  • The ability to develop and manage stakeholder relationships.

  • Self-motivation.

  • The ability to work collaboratively.

  • An understanding of the various data management regulatory requirements that Beazley is subject to, in the UK, the US and around the world.

  • The ability to communicate technical concepts to a broad range of staff and management.


Knowledge and Experience:

  • Proven experience in information/cyber security.

  • Proven experience in third party assurance and risk analysis.

  • Knowledge of common information security management frameworks, such as International Standards Organization (ISO) 17799/27001, National Institute of Standards and Technology (NIST), the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT).

  • Knowledge of the process of performing risk, business impact, control and vulnerability assessments, and defining mitigation strategies.

  • Knowledge of common cyber-attacks, and ways to protect organisations and individuals from the unauthorised exploitation of systems, networks and technologies.

  • Awareness of mainstream operating systems (for example, Microsoft Windows) and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware (malicious software) solutions, automated policy compliance and desktop security tools.

  • Experience in financial services/insurance is desirable, but not required.

  • International experience is desirable, but not required.