Third-Party Security Lead

Job description

About the role Reporting to the Information Security Manager, the Third-Party Security Lead plays an important role in assuring the security of Monument Re’s assets stored, accessed or processed by third party suppliers and outsourcing partners. The role-holder will possess a good understanding of security controls, risk management, and operational security practices and have experience of assuring external entities comply with required security standards and regulatory requirements. Responsibilities: Third-Party Risk Management: - Lead the assessment, onboarding and continuous monitoring of third-party vendors and outsourcers. - Maintain and improve the Monument Re third-party risk management framework aligned with industry standards such as ISO27001 and regulatory requirements such as DORA. - Document, manage and track third-party risks on the information security risk register and report key risk indicators (KRIs) and metrics as part of periodic management reporting. - Act as the primary point of contact for all third-party security matters and be the subject matter expert (SME), offering guidance and training to internal teams on third-party best practice. This includes inciden...