You will be based in one of our offices in Chennai, Gurugram, Montevideo, Prague, or San Jose as part of the Supplier Risk team within Optimize, S7Clear’s global procurement function that delivers distinctive, positive and productive experiences through services spanning travel, events, real estate, sourcing, technology, and purchasing.
The Supplier Risk team leads and oversees the firm’s global supplier risk management program. You will report to the Director of Supplier Risk and work cross-functionally with key stakeholders including Cybersecurity, Risk, Compliance and IT as you support, shape and deliver on the firm’s supplier cybersecurity risk initiatives.
You will be responsible for mitigating supplier cybersecurity risks in the firm’s supplier onboarding process and across its supply base. You will ensure the robustness and efficiency of cyber controls in our end-to-end procurement lifecycle, while being able to balance cybersecurity requirements with supplier risk and business objectives.
You will work closely with the One Firm Cybersecurity (OFCS) team to streamline and seamlessly integrate cyber assessments into our supplier onboarding process. You will deliver on and represent Optimize supplier cybersecurity priorities across the firm. You will assess and analyze supplier data and cybersecurity risks across our procurement processes.
You will report on security compliance for suppliers, incidents, Key Performance Indicators (KPIs) and Objectives and Key Results (OKRs). You will proactively identify gaps and improvement opportunities and collaborate with other teams to develop viable solutions. You will propose functional process changes, controls and compliance measures as needed. You will gain alignment across teams and lead or support the implementation of agreed recommendations on behalf of the procurement team.
You will foster and champion a “risk first” culture and create awareness across the firm on supplier cybersecurity risk topics. You will build rapport and develop trust-based relationships with key stakeholders and other risk teams that work on supplier and cybersecurity issues. You will be a subject matter expert and advise colleagues on cyber risk topics as they relate to supplier and procurement processes.
- Bachelor’s/university degree required
- 7+ years of relevant experience in cybersecurity, information security or related field
- Deep knowledge of cybersecurity policies, standards and best practices
- Experience in third-party risk management and/or procurement processes
- Understanding of information security testing methods, including vulnerability assessments and penetration testing
- Experience implementing cyber processes and controls, including ongoing improvement opportunities
- Technical understanding of the cybersecurity landscape and working knowledge of common information security controls, guidelines and standards (e.g., ISO 27001, OWASP, SOC 2, NIST)
- Project and process management skills, with expertise prioritizing and managing multiple projects/tasks simultaneously
- Demonstrated experience in developing documents and presenting complex information to colleagues at all levels
- Excellent stakeholder engagement skills to achieve collaboration and alignment
- Global experience in a professional services or consulting environment a plus