Assistant Manager - Cyber Security Third Party Contract
Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future.
Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you.
At HUL, we believe that every individual irrespective of their race, colour, religion, gender, sexual orientation, gender identity or expression, age, nationality, caste, disability or marital status can bring their purpose to life. So apply to us, to unleash your curiosity, challenge ideas and disrupt processes; use your energy to make the world a better place. As you work to make a real impact on the business and the world, we’ll work to help you become a better you!
MAIN PURPOSE OF THE THIRD-PARTY CONTRACT MANAGER
To protect Unilever information assets through implementation and operation of a 3rd party supplier contracting governance framework, supporting the Standards & Governance Lead Manager in ensuring only those suppliers able to meet Unilever’s security requirements are engaged by the Unilever business functions, that all suppliers have the required information security contract schedule included in their agreements and that contract compliance is monitored, maintained and appropriately reported.
To support the Standards & Governance Lead Manager in ensuring there are adequate information security schedules included in the overall supplier contracts so that the contract risk profile of 3rd party suppliers providing or supporting Unilever information and systems is adequately managed and addressed.
Key to the role is to support the Standards & Governance Lead Manager with managing multiple stakeholders including business owners, legal, procurement, IT and suppliers.
Establish, implement and operate an information security third party supplier contract remediation framework, providing analysis and reporting to senior management and the executive team. Track contract status of suppliers such as managed service providers, cloud providers, business consultancies and external legal service providers and maintain an ongoing view of the risk profile.
Global across all IT, incorporating key linkages to Privacy, Legal & Procurement.
To help manage the 3rd party supplier information security risk to Unilever information assets and systems. The following represent the main deliverables for this role.
REPORTING & ANALYSIS
- Operate the 3rd party supplier information security contracting governance framework, including analysis, implementation, remediation and reporting processes, to enable management and oversight of contract compliance.
- Support the identification and evaluation of the 3rd party supplier information security contract gaps for each Unilever supplier and for each segment of suppliers.
- Provide reporting to senior management and the executive team to support their understanding of the overall management of third party information security contract schedule implementation and the supplier contract risk profile, to enable escalation and decision making.
REVIEWS AND REMEDIATIONS
- Actively support information security contract schedule reviews and negotiations, provide input, engage in discussions and reach agreements with the UL business owners and suppliers.
- Support the remediation of identified issues with suppliers, working with UL business owners, suppliers and external remediation service providers to ensure prompt resolution of identified issues.
- Support communications and engagement activities with UL business / service owners, internal Secure by Design and legal teams, as well as suppliers, managed service providers.
- Establish and maintain supplier relationships by serving as a single point of contact for contractual matters relating to information security.
- Provide contract-related issue resolution, both internally and externally, from an information security standpoint.
GOVERNANCE AND COMPLIANCE
- Support the operation of governance schedules and processes for key suppliers.
- Support the operation of required ongoing compliance activities for key suppliers.
- Operate metrics and performance indicators for all aspects of the supplier information security contract framework.
- Responsible for ensuring compliance in relation to information security contracts for new supplier onboarding, existing suppliers’ extension and renewal, and communicate contractual changes to all stakeholders.
- Understand changes to standard clauses, and highlight deviations and risks, if outside of standard clauses.
- Ensure the organisation's internal contract document templates for information security are accurate and up to date.
- Identify opportunities to improve current contract processes and devise plans to implement these changes.
- Ensure overall contract compliance by working with all the relevant stakeholders to confirm that the right information security schedule is included in the final contract with 3rd party suppliers.
- Support the development and management of stakeholder relationships within Unilever and with key third parties, including within the Information Protection Team, Legal, Digital Marketing, HR, local Data Protection Officers and other businesses.
- Support the Cyber Security Standards & Governance Manager in acting as a key point of engagement within the Cyber Security Team, Privacy, Legal, Procurement and Business Integrity.
Variable contract resource
- IT Security Operations
- Information Security Innovation & Engineering
- Legal (including external legal counsel)
- Data Privacy
- Professional qualification in Information/Cyber Security, e.g. CISM, CISSP or equivalent.
- Proven capability of Information/Cyber Security risk management principles and practices.
- Up-to-date knowledge of the ISO27000 series and GDPR.
- Sound, broad knowledge of IT and its business context.
- Contract negotiation skills, from both a Legal and Procurement perspective.
- Broad knowledge of IT Security technical control requirements.
- Understanding of fundamental networking principles.
- Understanding and knowledge of regulatory aspects of information security including data protection legislation and SOX.
- Proven capability of designing and operating a supplier risk management framework.
- Excellent communication and stakeholder management.
- Min 3 years hands-on experience in an Information/Cyber Security role.
- 5 years industry experience working within a large complex business environment requiring analysis of data flows and making balanced risk decisions.
- Providing risk based security evaluations and evidence of assessing, identifying and reporting risks resulting from a control framework.
- Achieving outcomes and results by influencing the way resources not in your control are utilised.
- Understanding of procurement and Legal aspects of supplier relationships.
- Experience working with corporate cloud supplier relationships.
- Experience within a consumer goods or retail environment.
• Execution Responsibility
• Bias for Action
• Growth Mindset
• Consumer and Customer Focus