Our Lerge Enterprise client is looking for a team of 2 to run a piece of work to identify their high risk suppliers and then conduct some further work on these to understand what they do for the organisation and what controls they have in place.
Business rationale:
Managing the cyber risk of external dependents is a key area of focus for the Cyber Transformation Program.
Phase 1 of this initiative has focused on defining cyber requirements and the process for external partner organisations and embedding them into the project and procurement life-cycle.
Phase 2 has involved building a cyber-risk classification register for all of the organisation's external partners and designing a process to discover what systems and data management access these high-risk partners have.
Scope / Requirements:
- Lead and execute the discovery process for all high-risk external partner organisations identified in the register.
- This will entail:
- Facilitating pre-engagement sessions with the identified high-risk external partners and relevant internal stakeholders
- Obtain requirements and restrictions applicable to the organisation's operator license conditions to inform the audit framework
- Develop a plan, prioritising partner organisations of cyber critical systems
- Devise and issue self-reporting tool to obtain base-line data on each partner organisation
- Compilation and analysis of the results of self-reporting tool with the external partner organisationPreparation and delivery of a report describing the results of this discovery process
Required skills and experiences:
- Experience of [cyber] supplier risk / risk management
- Business analysis skills
- Strong communications skills (both written and oral)
- Strong stakeholder management skillsProject management skills
To indicate your interest, please apply via the link or Call Eugene on 94094710 for a detailed and confidential discussion
