Cyber Security Third Party Contract Assistant Manager

Job Title: Cyber Security Third Party Contract Assistant Manager

Location: UniOps Bangalore

ABOUT UNILEVER:

Be part of the world’s most successful, purpose-led business. Work with brands that are well-loved around the world, that improve the lives of our consumers and the communities around us. We promote innovation, big and small, to make our business win and grow; and we believe in business as a force for good. Unleash your curiosity, challenge ideas and disrupt processes; use your energy to make this happen. Our brilliant business leaders and colleagues provide mentorship and inspiration, so you can be at your best. Every day, nine out of ten Indian households use our products to feel good, look good and get more out of life – giving us a unique opportunity to build a brighter future.

Every individual here can bring their purpose to life through their work. Join us and you’ll be surrounded by inspiring leaders and supportive peers. Among them, you’ll channel your purpose, bring fresh ideas to the table, and simply be you. As you work to make a real impact on the business and the world, we’ll work to help you become a better you.

Job Description:

• To protect Unilever information assets through implementation and operation of a third party contracting governance framework, supporting the Third Party Contract Assurance Manager in ensuring only those suppliers able to meet Unilever’s security requirements are engaged by the Unilever business functions, that all suppliers have the required cyber security contract schedule included in their agreements and that contract compliance is monitored, maintained and appropriately reported.

• To support the Third Party Contract Assurance Manager in ensuring adequate level of cyber security schedules are included in the overall supplier contracts so that the contract risk profile of Unilever’s third parties providing or supporting Unilever information and systems is adequately managed and addressed.

• Key to the role is to support Third Party Contract Assurance Manager with managing multiple stakeholders including Business Information Security Officers, Technical Information Security Officers, Business Owners, Legal, Privacy, Procurement, IT and suppliers.

• Operate the cyber security third party contract remediation framework, providing analysis and reporting to senior management and executive team. Track contract status of suppliers such as managed service providers, cloud providers, business consultancies and supply chain suppliers and maintain an ongoing view of the risk profile.

OPERATIONAL SCOPE:
Global enterprise wide, incorporating key linkages to Privacy, Legal & Procurement.

RESPONSIBILITIES:
To help manage the third-party cyber security risk to Unilever information assets and systems. The following represent the main deliverables for this role.

REPORTING & ANALYSIS:

• Operate a third-party cyber security contracting governance framework including analysis, implementation, remediation and reporting processes to enable management and oversight of contract compliance.

• Support the identification and evaluation of the third-party cyber security contract gaps for each Unilever supplier and for each type of suppliers.

• Provide reporting to senior management and executives, to support their understanding of the overall management of third party cyber security contract schedule implementation, supplier contract risk profile to enable escalation and decision making.

CYBER SECURITY CONTRACT REMEDIATIONS:

• Support the Contract Assurance Manager in remediation of identified issues with suppliers, while working with Unilever business owners, suppliers and external remediation service providers to ensure prompt resolution of identified issues

• Support communications and engagement activities with Unilever business / service owners, internal Cyber Security and legal teams, as well as suppliers, managed service providers.

• Establish and maintain supplier relationships by serving as a key point of contact for contractual matters relating to cyber security.

• Provide contract related issue resolution, both internally and externally from a cyber security standpoint.

GOVERNANCE AND COMPLIANCE:

• Support the operation of governance of cyber security schedules and processes for key suppliers.

• Support the operation of required ongoing compliance activities for key suppliers.

• Operate metrics and performance indicators for all aspects of the third-party cyber security contract framework.

• Responsible for ensuring compliance in relation to cyber security contracts for new supplier onboarding, existing suppliers’ extension and renewal, and communicate contractual changes to all stakeholders.

• Understand changes to standard clauses, and highlight deviations and risks, if outside of standard clauses.

• Ensure the organisation's internal contract document templates for cyber security are accurate and up to date.

• Identify opportunities to improve current contract processes and devise plans to implement these changes.

• Ensure overall contract compliance by working with all the relevant stakeholders to confirm that the right cyber security schedule is included in the final contract with the third parties.

STAKEHOLDER MANAGEMENT:

• Support the development and management of stakeholder relationships within Unilever and with key third parties, including within the Cyber Security team, Legal, Digital Marketing, HR, local Data Protection Officers and other businesses.

• Support the Third-Party Contract Assurance Manager in acting as a key point of engagement within the Cyber Security team, Privacy, Legal, Procurement and Business Integrity.

• Direct Reports

Key Interfaces:

• IT Security Operations

• Cyber Security

• Legal (including external legal counsel)

• Procurement

• Data Privacy

• Critical success factors for the Job

Key Skills:

Relevant Experience:

• Professional qualification in information/Cyber security – e.g. CISM CISSP or equivalent is preferred.

• Proven capability of Information/Cyber Security risk management principles and practices is preferred.

• Up to date knowledge of ISO27000 series, NIST, GDPR and similar.

• Sound, broad knowledge of IT and its business context.

• Understanding of Contracting framework in connection with third parties.

• Broad knowledge of IT Security technical control requirements.

• Understanding of fundamental networking principles.

• Understanding and knowledge of regulatory aspects of information security including data protection legislation and SOX.

• Proven capability of designing and operating a supplier risk management framework.

• Excellent communication and stakeholder management.

Essential:

• Min 3 years hands-on experience in Information/Cyber Security role.

• 5 years industry experience working within a large complex business environment requiring analysis of data flows and making balanced risk decisions.

• Providing risk-based security evaluations and evidence of assessing, identifying and reporting risks resulting from a control framework.

• Achieving outcomes and results by influencing the way resources not in your control are utilised.

Preferable:

• Experience working with corporate cloud supplier relationships.

• Experience within a consumer goods or retail environment.

Note: "All official offers from Unilever are issued only via our Applicant Tracking System (ATS). Offers from individuals or unofficial sources may be fraudulent—please verify before proceeding