Cyber Security Third Party Contract Assistant Manager

Please Note: The deadline for applying is 23.59 the day before the job posting end date.

Job Title: Cyber Security Third Party Contract Assistant Manager

Business Function: Cyber Security

Location: Kingston/Port Sunlight Office

Work-Level: 1C

Reports to: Third Party Contract Assurance Manager

JOB PURPOSE

To protect Unilever information assets through implementation and operation of a third party contracting governance framework, supporting the Third Party Contract Assurance Manager in ensuring only those suppliers able to meet Unilever’s security requirements are engaged by the Unilever business functions, that all suppliers have the required cyber security contract schedule included in their agreements and that contract compliance is monitored, maintained and appropriately reported.

To support the Third Party Contract Assurance Manager in ensuring adequate level of cyber security schedules are included in the overall supplier contracts so that the contract risk profile of Unilever’s third parties providing or supporting Unilever information and systems is adequately managed and addressed.

Key to the role is to support Third Party Contract Assurance Manager with managing multiple stakeholders including Business Information Security Officers, Technical Information Security Officers, Business Owners, Legal, Privacy, Procurement, IT and suppliers.

Operate the cyber security third party contract remediation framework, providing analysis and reporting to senior management and executive team. Track contract status of suppliers such as managed service providers, cloud providers, business consultancies and supply chain suppliers and maintain an ongoing view of the risk profile.

OPERATIONAL SCOPE

Global enterprise wide, incorporating key linkages to Privacy, Legal & Procurement.

RESPONSIBILITIES

To help manage the third party cyber security risk to Unilever information assets and systems. The following represent the main deliverables for this role.

REPORTING & ANALYSIS

• Operate a third party cyber security contracting governance framework including analysis, implementation, remediation and reporting processes to enable management and oversight of contract compliance.
• Support the identification and evaluation of the third party cyber security contract gaps for each Unilever supplier and for each type of suppliers.
• Provide reporting to senior management and executives, to support their understanding of the overall management of third party cyber security contract schedule implementation, supplier contract risk profile to enable escalation and decision making.

CYBER SECURITY CONTRACT REMEDIATIONS

• Support the Contract Assurance Manager in remediation of identified issues with suppliers, while working with Unilever business owners, suppliers and external remediation service providers to ensure prompt resolution of identified issues
• Support communications and engagement activities with Unilever business / service owners, internal Cyber Security and legal teams, as well as suppliers, managed service providers.
• Establish and maintain supplier relationships by serving as a key point of contact for contractual matters relating to cyber security.
• Provide contract related issue resolution, both internally and externally from a cyber security standpoint.

GOVERNANCE AND COMPLIANCE

• Support the operation of governance of cyber security schedules and processes for key suppliers.
• Support the operation of required ongoing compliance activities for key suppliers.
• Operate metrics and performance indicators for all aspects of the third party cyber security contract framework.
• Responsible for ensuring compliance in relation to cyber security contracts for new supplier onboarding, existing suppliers’ extension and renewal, and communicate contractual changes to all stakeholders.
• Understand changes to standard clauses, and highlight deviations and risks, if outside of standard clauses.
• Ensure the organisation's internal contract document templates for cyber security are accurate and up to date.
• Identify opportunities to improve current contract processes and devise plans to implement these changes.
• Ensure overall contract compliance by working with all the relevant stakeholders to confirm that the right cyber security schedule is included in the final contract with the third parties.

STAKEHOLDER MANAGEMENT

• Support the development and management of stakeholder relationships within Unilever and with key third parties, including within the Cyber Security team, Legal, Digital Marketing, HR, local Data Protection Officers and other businesses.
• Support the Third Party Contract Assurance Manager in acting as a key point of engagement within the Cyber Security team, Privacy, Legal, Procurement and Business Integrity.

Direct Reports

Key Interfaces

• IT Security Operations
• Cyber Security
• Legal (including external legal counsel)
• Procurement
• Data Privacy

Critical success factors for the Job

Key Skills

Relevant Experience

• Professional qualification in information/Cyber security – e.g. CISM CISSP or equivalent is preferred.
• Proven capability of Information/Cyber Security risk management principles and practices is preferred.
• Up to date knowledge of ISO27000 series, NIST, GDPR and similar.
• Sound, broad knowledge of IT and its business context.
• Understanding of Contracting framework in connection with third parties.
• Broad knowledge of IT Security technical control requirements.
• Understanding of fundamental networking principles.
• Understanding and knowledge of regulatory aspects of information security including data protection legislation and SOX.
• Proven capability of designing and operating a supplier risk management framework.
• Excellent communication and stakeholder management.

Essential

• Min 3 years hands-on experience in Information/Cyber Security role.
• 5 years industry experience working within a large complex business environment requiring analysis of data flows and making balanced risk decisions.
• Providing risk based security evaluations and evidence of assessing, identifying and reporting risks resulting from a control framework.
• Achieving outcomes and results by influencing the way resources not in your control are utilised.

Preferable

• Experience working with corporate cloud supplier relationships.
• Experience within a consumer goods or retail environment.

NOTES

About Unilever

Unilever is one of the world’s leading suppliers of Food, Home and Personal Care products with sales in over 190 countries and reaching 2 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Dove, Tresemme, Lynx, Lifebuoy, Shea Moisture, Persil, Domestos, Ben & Jerry’s, Magnum, Marmite, The Vegetarian Butcher, Graze and Pot Noodle.

Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose is ‘to make sustainable living commonplace’  

What We Offer

Not only do we offer a competitive salary and pension scheme, we also offer an annual bonus, subsidised gym membership, a discounted staff shop and shares. You’ll have the opportunity to work directly with our renowned and exciting brands in a flexible and hybrid working environment.

Whilst the role is advertised on a full-time basis, we would be happy to discuss possible flexible working options and what this may look like for you. We are a key advocate of wellbeing and offer a variety of support for our people including hubs, programmes and development opportunities. We strive to achieve a family-friendly and inclusive workplace and to, above all, create possibilities for all. 

Diversity at Unilever is about inclusion, embracing differences, creating possibilities and growing together for better business performance. We embrace diversity in our workforce. This means giving full and fair consideration to all applicants and continuing development of all employees regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity. We are also more than happy to provide reasonable adjustments during our application and interview process to enable you to be present your best self. To find out more, including about our Employee Resource Groups, please click here Equity, Diversity & Inclusion at Unilever | Unilever.

Recruitment Fraud

Cyber criminals advertise fake job adverts with prestigious employers as a way of stealing information or even defrauding individuals out of money. In the most sophisticated cases, they will set up fake websites, which have a similar address to companies like Unilever. They even conduct fake telephone interviews and then offer candidates a role with the proviso they pay a fee for background checks or to cover work visa costs.  These types of attacks are becoming more common as more people are looking for employment in the economic climate. 

How is Unilever tackling this?

Many of Unilever’s recruitment sites publish a warning to candidates about recruitment fraud. The Cyber Security team also proactively scan for signs of people setting up fake Unilever sites and act to close them down. 

What can I do?

If you become aware of potential recruitment fraud, spot fake Unilever recruitment adverts or fake LinkedIn profiles, report them via Una Live Chat. 

Unilever does not accept responsibility or liability for any candidates who are financially impacted by recruitment fraud. Your vigilance is key!