Description
The opportunity:
In cybersecurity, we safeguard our business and ensure the delivery of top-tier, secure products and services to our customers. In cybersecurity risks management for suppliers, we collaborate in multi-stakeholder partnerships to protect our supply chain from any organizational risks. Together, we secure our supply chain by assessing, monitoring, and addressing any risks identified within our supply base.
In collaboration with other departments, the job holder will review observations from the cyber risk assessment, offer recommendations to address these findings, and monitor remediation actions with suppliers until they are fully closed.
How you’ll make an impact:
Conduct an Inherent Risk Assessment with internal stakeholders to determine the risk rating.
Review and evaluate Inherent Risk Assessments for new and active suppliers.
Convey the risk rating and provide information about the next steps.
Perform a Cyber Risk Assessment to identify and evaluate complex business and technology risks associated with suppliers and provide recommendations for managing those risk.
Develop and communicate the remediation plan and respective timelines to the relationship manager.
Builds relationships with business teams within the organization to support Inherent Risk Assessment and supplier cyber risk management activities from their respective teams.
Conduct the assessments in OneTrust tool.
Review Bitsight security rating in Bitsight.
Leverage technology and cyber risk management tools to enhance incident response capabilities.
Responsible to ensure compliance with applicable external and internal regulations, procedures, and guidelines.
Living Hitachi Energy’s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business.
Your background:
Bachelor’s/ master’s degree in information technology or related field.
2-3 years’ experience in information technology.
Good understanding of information security and risk frameworks/standards such as ISO27001/2/5, ISO31000,NIST CSF/800-53, etc.
Certified as an ISO 27001 Lead Implementor/Auditor is advantageous.
Knowledge of One Trust, Service Now and BitSight is preferable.
Working knowledge of key risk areas such as compliance risk / regulatory risk and one or more of the following domains like Security Governance and Management, Security Policies and Procedure, Application Management Controls, Identity and Access Management Control, Supplier Risk Management, Incident Response, Cyber Resilience, Privacy and Data Protection, Cloud Security & Business Continuity and Disaster Recovery.
Experience with internal controls, risk assessments, business process, and/or internal IT control testing.
Proficiency in both spoken & written English language is required.