A Global Insurance Service provider is looking for a Third Party Information Security Risk Analyst.
This position will report to the APAC Third Party Regional Lead, Cyber Risk and Assurance, with a dotted line report to the CIO of Japan.
The global team is located in Singapore, the UK, and India.
Responsibilities:
- Management and completion of inherent risk ranking of ALL suppliers in compliance with the Global Third-Party Cyber Risk policy. This includes liaising with and working alongside the Global Third-Party team as well as Business relationship Owners.
- Risk assessments of Cloud providers
- Identification, tracking and management of issues and control deficiencies relating to Third Parties, including liaising with the business owners to support remediation activities.
- Maintenance and management of the Information Security Third Party Inventory and the Issues Register in co-ordination with the Enterprise Risk Management strategy and approach.
- Performance and execution of Third Party Cyber Risk assessments initiated by the business.
- Where applicable, execution, management and oversight of Third Party assessments in line with applicable SLAs.
- Reviewing information security policies, standards, guidelines and baselines in place and being developed.
- Contributing towards Security Awareness Training and helping the business to improve understanding of and reduce Third Party risk to acceptable levels.
- Assist with internal security reporting, including steering committees and updates for senior management.
- Management of Third-Party related information security projects.
- Develop and enhance the programme, progressing currently identified and future improvements to make the function more effective and efficient.
- Provide support to the TPCR Regional Lead and engage with the wider Information Security team.
Required Skills:
- High level of business acumen, preferably in a regulated/financial industry
- Five+ years of information security experience with a focus on risk assessments and controls, governance, risk management, program development, compliance, and/or auditing. Previous experience of supporting or managing a Third-Party risk assessment programme is essential.
- Expert-level knowledge of both the business and technical aspects of information security, including third party security risk and European data protection regulation.
- Demonstrated ability to understand and analyse complex business processes and technologies to make sound recommendations to non-technical constituents
- Strong broad-based technical background (distributed/mainframe, database, web-based application development, etc.)
- Strong risk-based analysis and decision-making skills
- Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (e.g., SOC 1/2)
- eGRC system or similar system administration experience a plus
- Experience reviewing and redlining agreements is a plus
- Ability to multitask and manage competing priorities
- Excellent time management and organizational skills
- Excellent interpersonal, customer service and conflict management skills
- Excellent written and verbal communication skills both in Japanese and English
- Proficient use of personal computers and Microsoft Office Suite
Why should you apply:
- Long term work opportunity, plus WFH available
- Good opportunity for a challenge as the team is in a transition phase
- Straightforward, get-going culture
- Flexible working time
- Users/team are logical and adapt easily to change
- Great team dynamics and learning opportunity
- Opportunities to learn/brush-up English/Japanese language
Company Details:
A leading global provider of property and casualty insurance, this company is known for its commitment to innovation, diversity, and employee development. With a strong presence in over 50 countries, employees have the opportunity to work in a dynamic and inclusive environment where personal and professional growth is encouraged. The company values collaboration, integrity, and excellence, offering comprehensive training, career development programs, and competitive compensation packages. A culture of respect and inclusivity is promoted, ensuring that employees feel empowered to contribute, grow, and make a difference in their roles while helping the organization deliver world-class insurance products and services globally.
Working Hours:
9:00 - 18:00 (Mon-Fri)
Working Style:
3 days’ work in office, and 2 days’ work from home
Holidays:
Saturday, Sunday, National Holidays, Year-end and New Year Holidays, Paid Holidays
Services/Benefits:
Transportation expenses up to 20,000 yen per month, plus Paid leave, plus social insurance (health insurance, welfare pension, and work-related accident insurance), Periodic health examination, and Employment insurance