Senior Analyst - Third Party Risk Management (TPRM)

Job Purpose:

• Develop and maintain Security Controls relating to AXA's 3rd Party suppliers.
• Carry out reviews/audits/risk assessments to ensure Third Parties are compliant to inhouse Security standards.
• Align AXA's 3rd Party security assurance to the group standards.
• Ensure Contracts include security schedules.
• Own relationships with third party suppliers and follow up on unresolved issues.
• Support, review and quality assure assurance Reporting and Dashboard.

Key Responsibilities:

• Collaborate with Manager and establish a supplier security assurance framework.
• Ensure the framework is aligned with AXA procurement process and vendor due diligence process. Experience required - 3 to 6 years.
• Assess and develop a supplier information risk tiering to rate suppliers based on criticality of services to be delivered to AXA and its impact to AXA.
• Engage with wider AXA stakeholders to understand and gather AXA supplier strategy and risk management requirements.
• Assess and develop a set of security requirements from AXA Information policy framework to be included as part of supplier contract schedules.
• Engage with Manager to develop an engagement model to assess and review all new suppliers with inputs on control requirements from the Security risk assessment team.
• Perform an initial review and due diligence of supplier logical and physical security controls.
• Engage with Security Risk Assessment team to validate supplier due diligence findings and highlight to AXA stakeholders, procurement teams identified security risks. Support the supplier on boarding process.
• Conduct regular reviews of supplier security compliance to contractual requirements and report on performance and SLAs.
• Assess and rate supplier compliance and provide recommendations to resolve outstanding issues.
• Report to stakeholders on current supplier risks and historical performance with KPIs and Dashboards.
• Ensure supplier fulfil all contractual obligations before off boarding process is completed.
• Negotiate Security clauses to be included in contracts with supplier.

Key stakeholders:

• Internal actors: Expected to interact with IT Operations & Business Operations, Group Procurement, Legal, Data Privacy, Local Information Security teams and peers.
• External actors: Expected to interact with external service providers and vendors.