Cyber Security Third Party Risk Manager

Job DescriptionDXC cultivates a work environment that attracts and retains some of the most skilled talent in today’s workplace. With a strategic focus on our people and our customers, we are committed to doing what’s best for both. That’s why we’re creating a workplace where employees seize change as an opportunity to accelerate their careers and amplify customer success.We are motivated to learn and succeed together—to build our future and get things doneYour career is about what you want to be and achieve. It’s about bringing your skills, curiosity, creativity, and your true self to your work.Due to continued growth DXC Technology have an exciting opportunity for an industry leading Cyber Security Third Party Risk Manager based in the UK. You will work daily with the Supply Chain and our Business to assess vendors against cyber controls and ensure DXC is informed of vendors lacking cyber discipline and protected from engaging in high-risk relationships. We are looking for an individual enthusiastic to cultivate and build on our existing process, leveraging our tooling and AI. An individual who can establish a vision and rally a team around this vision. The candidate must be effective at communicating with various levels of IT leadership and work collaboratively across a matrixed organization.Successful candidates will be required to be eligible for SC clearanceResponsibilities Manage and facilitate the overall cyber risk assessment function for third-party vendors Own the process to conduct cyber risk assessments on vendors, manage risks related to those assessments, and respond to client requests about DXC’s cyber posture Continuously monitor third-party vendors for changes in posture and adverse alerts Track and mitigate risks that result from third-party assessments Collaborate with Supply Chain and Legal to continually streamline and mature the third-party cyber risk assessment process Maintain process alignment with the NIST Cybersecurity Framework Contribute to the documentation of policy and standards changes related to third-party risk Be our cybersecurity subject matter expert for third-party risk Provide reporting metrics that tell the story of third-party risk from a cyber perspective and use these metrics to inform and drive improvements to the process Manage a team of risk analysts to carry out the service, provide guidance, and cultivate their individual growth Educate and increase awareness of information security policies and best practices. Deliver strong written and presentation skills to senior leaders regarding the global risk profile.Required Skills Strong communication and business relationship skills Delivery-focused mindset that will be able to work in a fast-paced environment with shifting priorities. Ability to organize and execute projects to drive process improvements Knowledge of a wide variety of information security concepts, services, and technologies Ability to present and discuss IT security strategy and business decisions with senior management Maintain a solid understanding of cyber risk, controls mapping, and business processes Able to act independently when making technical or business decisions Knowledge of information security best practices, regulatory concerns, and security standardsEducation And Experience Demonstrable years of relevant experience desired Several years of experience conducting third-party risk assessments using risk and control frameworks, including ISO, NIST, or other industry standards Proven experience in cybersecurity management roles IT Security, technology, or other relevant Certifications are a plusAt DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.