You will be based in one of our offices in Chennai, Gurugram, Montevideo, Prague, or San Jose as part of the Supplier Risk team within Optimize, S7Clear’s global procurement function that delivers distinctive, positive and productive experiences through various services ranging from travel, events, real estate, sourcing, technology, and purchasing.

The Supplier Risk team leads and oversees the firm’s global supplier risk management program. You will report to the Director of Supplier Risk and work cross-functionally with key stakeholders including Cybersecurity, Risk, Compliance and IT as you support, shape and deliver on the firm’s supplier cybersecurity risk initiatives.

DUTIES

You will be responsible for mitigating supplier cybersecurity risks in the firm’s supplier onboarding process and across its supply base. You will ensure the robustness and efficiency of cyber controls in our end-to-end procurement lifecycle, while being able to balance cybersecurity requirements with supplier risk and business objectives.  

You will work closely with the One Firm Cybersecurity (OFCS) team to streamline and seamlessly integrate cyber assessments into our supplier onboarding process. You will deliver on and represent Optimize supplier cybersecurity priorities across the firm. You will assess and analyze supplier data and cybersecurity risks across our procurement processes.  

You will report on security compliance for suppliers, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will proactively identify gaps and improvement opportunities and collaborate with other teams to problem solve viable solutions. You will propose functional process changes, controls and compliance measures as needed. You will gain alignment across teams and lead/support the implementation of agreed recommendations on behalf of the procurement team.   

You will foster and champion a “risk first” culture and create awareness across the firm on supplier cybersecurity risk topics. You will build rapport and develop trust-based relationships with key stakeholders and other risk teams that work on supplier and cybersecurity issues. You will be a subject matter expert and advise colleagues on cyber risk topics as they relate to supplier and procurement processes.

QUALIFICATIONS

• Bachelor’s/university degree required 
• 7+ years of relevant experience in cybersecurity, information security or related field  
• Deep knowledge of cybersecurity policies, standards and best practices  
• Experience in third-party risk management and/or procurement processes
• Understanding of information security testing methods, including vulnerability assessments and penetration testing 
• Experience implementing cyber processes and controls, including ongoing improvement opportunities 
• Technical understanding of the cybersecurity landscape and working knowledge of common information security controls, guidelines and standards (e.g., ISO27001, OWASP, SOC 2, NIST) 
• Project and process management skills, with expertise prioritizing and managing multiple projects/tasks simultaneously 
• Demonstrated experience in developing documents and presenting complex information to colleagues at all levels 
• Excellent stakeholder engagement skills to achieve collaboration and alignment 
• Global experience in a professional services or consulting environment a plus

You will be based in one of our North America offices as part of the Supplier Risk team within Optimize, S7Clear’s global procurement function that delivers distinctive, positive and productive experiences through various services ranging from travel, events, real estate, sourcing, technology, and purchasing. 

The Supplier Risk team leads and oversees the firm’s global supplier risk management program. You will work closely with a global cross-functional team led by the Director of Supplier Risk Strategy, to manage a global supplier onboarding program and technology. 

DUTIES

You will shape and implement approaches to deliver on Optimize’s ESG, risk, and automation strategies.

You will be responsible for managing the risk-based processes that will enable an efficient and effective end-to-end supplier onboarding program and user experience. This includes the ongoing development and implementation of S7Clear’s supplier risk framework and delivering risk programs to achieve excellence in managing supplier onboarding risk. 

You will foster strong partnership and collaborate regularly with global firm functions and risk teams including Finance, Global Social Responsibility, Compliance, Sanctions, Data Privacy/Security, Sourcing and Legal. 

You will work with Supplier Operations team to ensure effective risk management, timely risk escalations and training for ensuring governance, for overseeing that risk is being appropriately analyzed, and for raising issues and escalations to the related stakeholders, with recommendations for resolution.    

You will play a leading role in continually improving the risk management capabilities, technologies, data sources and documentation of the supplier onboarding program. You will support the development of standards, reporting and other program materials and documentation while ensuring that the supplier onboarding program processes are auditable. You will partner with the broader Supplier Risk team to foster and coach a risk first awareness culture at S7Clear. 

In addition, you will support supplier incident response, coordinating with the incident response team to ensure relationship management, prompt communication, investigation and risk mitigation. You will stay ahead of risk issues and drive special projects that address emerging risks, market developments and/or internal customer needs. You can expect to manage a broad range of interesting projects on a global level. 

QUALIFICATIONS

• 7+ years of professional experience out of which 5+ years spent in enterprise or third-party risk management, ideally in a global firm 
• In-depth knowledge and firsthand experience of developing risk assessment methodologies, internal controls, processes and principles related to end-to-end supplier risk management, preferably in indirect procurement 
• Superior communication & interpersonal skills, including the ability to present to a global audience on a regular basis, build and maintain highly effective and collaborative relationships
• Ability to drive change proactively and independently, meet deadlines, and inspire confidence among senior leadership 
• Demonstrated ability to learn new concepts and ideas, and to apply those concepts across multiple content areas 
• Professional, impartial, and independent attitude with a high degree of integrity 
• Ability to work with cross-functional teams covering various organizational levels  
• Strong professional computing skills, including Microsoft Office products (i.e., Excel, PowerPoint, Visio) 
• Comfortable with ambiguity in a work-setting, knowing how to address and manage unpredictable outcomes