Third-party cyber security analyst

Position Purpose

The
3rd Party Cyber Risk Analyst
works closely with the 3rd Party Cyber Security Manager, is responsible for implementing the Supplier cyber risk assessment and cyber risk finding workflows, and actively advising Supply Chain (P&SC) and Business owner on Supplier cyber security vulnerabilities and issues.

This position requires a self-driven individual, with sound knowledge of business processes, a thorough knowledge of security technologies or supplier management and good communication skills.

The 3rd Party Cyber Risk Coordinator will need to work with the P&SC Organization along with the Cyber and IT organization in an effort to evaluate our Suppliers and manage the potential risk to SLB through the supplier cyber risk assessment program.

This position offers an opportunity to make a strong impact across a company committed to its employees and customers.

Key Responsibilities

• Follow and enforce processes to ensure compliance with the supplier cyber risk program

• Supplier Management Procedure Tier III

• Sourcing Guidelines

• Funnel high and medium inherent cyber risk rated suppliers into cyber risk assessment workflow

• Manage Suppliers cyber risk assessments workflow

• Engage with Supplier Manager to kick off Supplier cyber assessment and provide

• Create suppliers contact in Lockpath
• Send Supplier cyber assessment and provide support with any required clarification
• Perform assessment review once submitted by Supplier and reopen for augmented responses as needed
• Complete a proposed treatment plan as per provided recommended measures guidelines for each unveiled risk
• Submit treatment plan for P&SC and Line management approval, and to be forwarded to the Supplier
• Follow the approval process and escalation as required for Acceptance of a Minor, Major or Critical findings
• Follow up with Supplier Manager / Supplier on agreed actions, due dates and owners

• Close assessment process and follow up on resulted actions

• Provide supplier cyber security vulnerability awareness to Supply Chain and Business owner

• Assist on Suppliers related Cyber security incidents investigations
• Help enforce regulatory requirements, e.g., GDPR

Qualifications
Education and Experience

Education: A Bachelor of Science degree from an accredited university in the area of engineering, computer science or computer information systems is strongly preferred; equivalent work experience may be considered.

Experience: Minimum of five years of experience within one or more of the following areas of integrating security into the business, security risk management, information processes, product security, business architecture positions, supplier management.

Additional: Applicant must have a valid work permit.

Professional supplier Management or Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials would be a strong plus

General Requirements:

• Experience working with Suppliers or Analyzing 3rd party Risk
• Experience in preparing management summary presentations
• Must be a critical thinker, with strong problem-solving skills.
  
  
• Strong Analytical skills
• Ability to work at level from initial concept to operational implementation.
  
  
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security related concepts to technical and nontechnical audiences.
  
  
• Ability to discuss technical matters with 3rd parties, and be able to influence them so that they improve their Cyber Security posture
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST would be a plus
• Familiarity and adherence to change management policies and procedures.
  
  
• Self-driven & Creative thinker
• High standards, strong attention to detail.
  
  
• Ability to work in a fast-paced large enterprise environment
• Willing to work flexible hours when required and appropriate
• Fluency in English
• Must have a strong, demonstrated commitment to customer service and be committed to pro-active review of processes and procedures to continually enhance service quality, service delivery and support

Education and Experience

Education: A Bachelor of Science degree from an accredited university in the area of engineering, computer science or computer information systems is strongly preferred; equivalent work experience may be considered.

Experience: Minimum of five years of experience within one or more of the following areas of integrating security into the business, security risk management, information processes, product security, business architecture positions, supplier management.

Additional: Applicant must have a valid work permit.

Professional supplier Management or Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials would be a strong plus