Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.
Role Overview
The role will focus on supporting colleagues conducting third-party vendor security assessments and managing supply chain threats from a cyber security perspective. You will support the assessing, tracking, and reporting of third-party cyber risk throughout the global organization.
Responsibilities:
Participate in key phases of the third-party cyber risk management lifecycle, from the execution of onboarding security reviews to the offboarding of vendors.
· Conduct third-party security assessments and identify and mitigate cyber risks to the organizations cyber security posture from third-party vendor relationships.
· Follow established third-party cyber security risk management program guidelines to complete the onboarding of third party-vendors.
· Collaborate with various stakeholder teams to identify and communicate cyber security risk from third-party relationships and drive residual risk to acceptable levels.
· Participate in the training and education of staff in third-party risk management processes as needed.
· Support initiatives assisting improvement of third-party cyber risk management process as needed.
· Complete tasks with minimal supervision, in a collaborative, supportive environment
· Support team colleagues in the execution of their duties providing effective guidance, challenge, assurance, and oversight.
· Report and deliver Information Security & Cyber risk assurance/review activity consulting with management to formulate and agree effective solutions to any identified shortfalls.
· Perform other cyber security risk duties as needed.
Essential Requirements:
· Experience in third-party or cyber/IS Risk Management of 1+ years.
· Experience in performing ITGC testing or IT/IS Assurance of 1+ years.
· Experience of performing business controls testing of 1+ years.
· Experience in the mitigation and/or remediation of cybersecurity vulnerabilities.
· Knowledge of third-party risk strategies and best practices.
· Troubleshooting, reasoning, and problem-solving skills
· The ability to pick up and quickly understand new concepts and technology.
· Team-oriented and skilled in working within a collaborative environment.
· Ability to effectively multi-task, prioritize and tasks.
· Ability to work independently and collaborate with geographically dispersed teams.
· Skilled in the use of Microsoft Office suite.
· Excellent written and verbal communication, interpersonal and intercultural skills.
· Fluent in English language – written and verbal.
· A strong work ethic and passion for finding answers.
Desired Requirements:
· Knowledge and experience with industry standards and best practice including the ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and NIST Cybersecurity Framework.
· Relevant industry certifications e.g., CRISC, CISA, CompTIA Security+.
· To stay current with industry trends in third-party and cyber security risk.
Language Capabilities / International Experience
We are a truly global law firm and as such, always welcome individuals with foreign language capabilities. Additionally, we welcome individuals with a global background including professional experience gained across different geographies.
