Dentons is hiring a
Third-Party Security Review Lead

Summary

Join Dentons, the world's largest global law firm, as a Third-Party Cyber Risk Manager. Conduct third-party vendor security assessments and manage supply chain threats from a cyber security perspective.

Requirements

• A bachelor’s degree from an accredited college or university
• At least 3- 5 years’ management experience
• 5+ years’ experience as a skilled practitioner in third-party or cyber/IS Risk Management
• Skilled practitioner in identifying cyber security risks in cloud services and providing mitigating controls
• Skilled practitioner in the mitigation and/or remediation of cybersecurity vulnerabilities
• Strong practitioner knowledge of third-party risk strategies and best practices
• Relevant industry certifications e.g., CRISC, CISM, CISA, ISO/IEC 27001 Lead Auditor
• Working knowledge and experience with industry standards and best practice including the ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and NIST Cybersecurity Framework

Responsibilities

• Lead the third-party cyber risk management lifecycle, from executing onboarding security reviews to the offboarding of vendors
• Develop an annual calendar of third-party re-assessment cyber security reviews on cyber risk presented to the organization
• Define and introduce into production required third-party security assessments based on services consumed by the organization that will complement current security assessments
• Identify and create appropriate cyber security risk MI across the third-party vendor estate
• Identify and implement improvements in current third-party processes and procedures
• Conduct third-party cyber security assessments and identify controls to mitigate cyber risks to the organizations cyber security posture from vendor relationships
• Follow established third-party cyber security risk management program guidelines to complete the onboarding of third-party vendors
• Collaborate with internal business teams and various risk/compliance subject matter experts to address and/or mitigate identified or potential cyber security risks
• Collaborate with various stakeholder teams to identify and communicate cyber security risk from third-party relationships and drive residual risk to acceptable levels
• Conduct reviews of IS clauses included in third-party contracts to help strengthen legal security posture for the organization
• Design and deliver training and education of staff in third-party risk management processes as needed
• Complete tasks with minimal supervision, in a collaborative, supportive environment
• Perform other cyber security risk duties as needed
• Lead the third-party cyber risk team members
• Supervise and manage junior team members

Benefits

Work from home