Senior Cyber Analyst - Third Party Tech & Cyber Risk The Senior Cyber Analyst is part of Third-Party Tech & Cyber Risk, which is part of the Technology & Cyber Risk function within the Technology Business Unit. This role will support the manager in aligning to the strategy and execution of our third-party technology risk management, third party cyber security management, relevant technology and cyber clauses within the contractual management process and overall governance of technology third parties. This role is responsible for adhering to and identifying improvements to relevant frameworks, policies, practices and controls to maintain the risk posture within the appetite.
Responsibilities Adhere to the Third-Party Technology & Cyber Risk Management Framework and support the delivery of associated strategy, target state roadmap, and supporting processes and procedures.
Conduct in-depth risk assessments and due diligence on potential and existing third-parties to identify risks and compliance gaps.
Engage third-parties based on the non-compliance and potential cyber security issues identified via continuous passive security posture management technologies. Conduct risk assessments and develop a plan with the third-parties to remediate non-compliance and/or potential security issues.
Establish and maintain the governance structure for ongoing management of third-party relationships, including regular performance and compliance reviews.
Collaborate with all technology teams to embed effective vendor management practices aligned to the TAL Procurement Procedure and Vendor Management Model.
Identify potential areas for improvement for vendor governance, enhancement and upgrade by maintaining a good working knowledge of all services provided to TAL business units.
Assist with the assurance and compliance activities to demonstrate the effectiveness of Third-Party Technology & Cyber Risk Management function. Address the corrective actions and resolve gaps identified during the assurance and compliance activities.
Support and assist with the negotiation, implementation, and management of technology and cyber clauses in the third-party contracts with the Legal. Uplift those technology and cyber clauses in the contractual terms in line with regulatory and threat environment changes, as needed.
Monitor and report on third-party compliance with technology and security requirements as well as their performance against contracts, and coordinate the corrective action, as needed.
Develop and deliver training to internal stakeholders on Third-Party Technology & Cyber Risk Management practices.
Qualifications Bachelor's degree in business, Finance, Information Technology, or a related field. Relevant professional certifications (e.g., CISM, CRISC, CISSP) is a plus.
Minimum of 2 years of experience in Third-Party Risk Management, Technology Risk, Cyber Security, or a related field with proven experience of supporting, implementing and managing third party risk management programs.
Strong understanding of regulatory compliance standards relevant to third-party risk and security (e.g., APRA CPS234 / CPS230, SOX, ISO 27001, NIST CSF, Privacy Act, SOCI, etc.).
Strong communication skills with the ability to translate risk into business impact.
Self-starter with strong organisational skills in a highly-adaptive and fast-paced environment.
Customer-oriented mindset and ability to apply a collaborative approach to achieving business outcomes.
Thinker and doer with a pragmatic approach to make decisions and at the same time focused on outcomes.
As part of the recruitment process, there are a number of checks which may be conducted to demonstrate your eligibility for a role at TAL including Criminal History, Bankruptcy, Entitlement to Work, Regulatory and Reference Checks.
Additional Information At TAL we value diversity in all its forms and are committed to fostering an inclusive and equitable culture for all our people. We encourage Aboriginal and Torres Strait Islander people, individuals from all backgrounds, including those with caring responsibilities, people living with disability, and individuals from the CALD and LGBTQI+ communities to apply. Even if you don't check every box in the criteria above, we encourage you to apply today or get in touch with us here.
TAL is recognised by the Workplace Gender Equality Agency as an Employer of Choice. We are proud to be a member of Diversity Council Australia and the Australian Network on Disability. For information on our reconciliation journey, take a look at our Innovate Reconciliation Action Plan.
We acknowledge the Traditional Custodians of the Land in which our Head Office is based, the land of the Gadigal people of the Eora Nation, and recognise their deep connections to the land, sea, and culture. We extend this acknowledgment to the many Traditional Lands that we operate across and pay our respects to Elders past, present, and emerging.
#LI-Hybrid
Everyone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyone's responsibility.
#J-18808-Ljbffr