Senior Analyst - Third Party Risk Management

About the job

Job Purpose: • Develop and maintain Security Controls relating to AXA's 3rd Party suppliers. • Carry out reviews/audits/risk assessments to ensure Third Parties are compliant to inhouse Security standards. • Align AXA's 3rd Party security assurance to the group standards. • Ensure Contracts include security schedules. • Own relationships with third party suppliers and follow up on unresolved issues. • Support, review and quality assure assurance Reporting and Dashboard. Key Responsibilities: • Collaborate with Manager and establish a supplier security assurance framework. • Ensure the framework is aligned with AXA procurement process and vendor due diligence process. Experience required - 3 to 6 years. • Assess and develop a supplier information risk tiering to rate suppliers based on criticality of services to be delivered to AXA and its impact to AXA. • Engage with wider AXA stakeholders to understand and gather AXA supplier strategy and risk management requirements. • Assess and develop a set of security requirements from AXA Information policy framework to be included as part of supplier contract schedules. • Engage with Manager to develop an engagement model to assess and review all new suppliers with inputs on control requirements from the Security risk assessment team. • Perform an initial review and due diligence of supplier logical and physical security controls. • Engage with Security Risk Assessment team to validate supplier due diligence findings and highlight to AXA stakeholders, procurement teams identified security risks. Support the supplier on boarding process. • Conduct regular reviews of supplier security compliance to contractual requirements and report on performance and SLAs. • Assess and rate supplier compliance and provide recommendations to resolve outstanding issues. • Report to stakeholders on current supplier risks and historical performance with KPIs and Dashboards. • Ensure supplier fulfil all contractual obligations before off boarding process is completed. • Negotiate Security clauses to be included in contracts with supplier. Key stakeholders: • Internal actors: Expected to interact with IT Operations & Business Operations, Group Procurement, Legal, Data Privacy, Local Information Security teams and peers. • External actors: Expected to interact with external service providers and vendors.