Please Note: The deadline for applying is 23.59 the day before the job posting end date.

Job Title: Cyber Security Third Party Contract Assistant Manager

Business Function: Cyber Security

Location: Kingston/Port Sunlight Office

Work-Level: 1C

Reports to: Third Party Contract Assurance Manager

Hiring Manager: Ulrika Sahlstrom

Job Purpose

To protect Unilever information assets through implementation and operation of a third party contracting governance framework, supporting the Third Party Contract Assurance Manager in ensuring only those suppliers able to meet Unilever’s security requirements are engaged by the Unilever business functions, that all suppliers have the required cyber security contract schedule included in their agreements and that contract compliance is monitored, maintained and appropriately reported.

To support the Third Party Contract Assurance Manager in ensuring adequate level of cyber security schedules are included in the overall supplier contracts so that the contract risk profile of Unilever’s third parties providing or supporting Unilever information and systems is adequately managed and addressed.

Key to the role is to support Third Party Contract Assurance Manager with managing multiple stakeholders including Business Information Security Officers, Technical Information Security Officers, Business Owners, Legal, Privacy, Procurement, IT and suppliers.

Operate the cyber security third party contract remediation framework, providing analysis and reporting to senior management and executive team. Track contract status of suppliers such as managed service providers, cloud providers, business consultancies and supply chain suppliers and maintain an ongoing view of the risk profile.

Operational Scope

Global enterprise wide, incorporating key linkages to Privacy, Legal & Procurement.

Responsibilities

To help manage the third party cyber security risk to Unilever information assets and systems. The following represent the main deliverables for this role.

Reporting & Analysis

• Operate a third party cyber security contracting governance framework including analysis, implementation, remediation and reporting processes to enable management and oversight of contract compliance.
• Support the identification and evaluation of the third party cyber security contract gaps for each Unilever supplier and for each type of suppliers.
• Provide reporting to senior management and executives, to support their understanding of the overall management of third party cyber security contract schedule implementation, supplier contract risk profile to enable escalation and decision making.

Cyber Security Contract Remediations

• Support the Contract Assurance Manager in remediation of identified issues with suppliers, while working with Unilever business owners, suppliers and external remediation service providers to ensure prompt resolution of identified issues
• Support communications and engagement activities with Unilever business / service owners, internal Cyber Security and legal teams, as well as suppliers, managed service providers.
• Establish and maintain supplier relationships by serving as a key point of contact for contractual matters relating to cyber security.
• Provide contract related issue resolution, both internally and externally from a cyber security standpoint.

Governance and Compliance

• Support the operation of governance of cyber security schedules and processes for key suppliers.
• Support the operation of required ongoing compliance activities for key suppliers.
• Operate metrics and performance indicators for all aspects of the third party cyber security contract framework.
• Responsible for ensuring compliance in relation to cyber security contracts for new supplier onboarding, existing suppliers’ extension and renewal, and communicate contractual changes to all stakeholders.
• Understand changes to standard clauses, and highlight deviations and risks, if outside of standard clauses.
• Ensure the organisation's internal contract document templates for cyber security are accurate and up to date.
• Identify opportunities to improve current contract processes and devise plans to implement these changes.
• Ensure overall contract compliance by working with all the relevant stakeholders to confirm that the right cyber security schedule is included in the final contract with the third parties.

Stakeholder Management

• Support the development and management of stakeholder relationships within Unilever and with key third parties, including within the Cyber Security team, Legal, Digital Marketing, HR, local Data Protection Officers and other businesses.
• Support the Third Party Contract Assurance Manager in acting as a key point of engagement within the Cyber Security team, Privacy, Legal, Procurement and Business Integrity.

Key Skills

• Relevant Experience: Professional qualification in information/Cyber security – e.g. CISM CISSP or equivalent is preferred.
• Proven capability of Information/Cyber Security risk management principles and practices is preferred.
• Up to date knowledge of ISO27000 series, NIST, GDPR and similar.
• Sound, broad knowledge of IT and its business context.
• Understanding of Contracting framework in connection with third parties.
• Broad knowledge of IT Security technical control requirements.
• Understanding of fundamental networking principles.
• Understanding and knowledge of regulatory aspects of information security including data protection legislation and SOX.
• Proven capability of designing and operating a supplier risk management framework.
• Excellent communication and stakeholder management.

Essential

• Min 3 years hands-on experience in Information/Cyber Security role.
• 5 years industry experience working within a large complex business environment requiring analysis of data flows and making balanced risk decisions.
• Providing risk based security evaluations and evidence of assessing, identifying and reporting risks resulting from a control framework.
• Achieving outcomes and results by influencing the way resources not in your control are utilised.

Preferable

• Experience working with corporate cloud supplier relationships.
• Experience within a consumer goods or retail environment.

Equity, Diversity & Inclusion at Unilever

Unilever is an equal opportunities employer and welcomes applications from all sections of society. We are committed to creating a diverse and inclusive workplace and strive to achieve a family-friendly and inclusive environment. We offer a range of support for our employees, including employee resource groups and development opportunities.

What We Offer

Competitive salary and pension scheme, annual bonus, subsidised gym membership, discounted staff shop and shares. Flexible and hybrid working environment, with opportunities for development and growth.