GRC – Vendor Risk Management Analyst

Dla naszego klienta Ryanair Labs Wrocław poszukujemy osoby na stanowisko GRC – Vendor Risk Management Analyst.

Description

Ryanair Labs are currently recruiting for a Vendor Risk Management Analyst to join Europe’s Largest Airline Group!

This is a very exciting time to join Ryanair as we look to expand our operation to 800 aircraft and 300 million guests within the next 10 years.

Ryanair Labs is the technology brand of Ryanair. Labs is a state of-the-art digital & IT innovation hub creating Europe’s Leading Travel Experience for our customers.

The Role

The Third Party Risk Management Analyst will oversee the communications, monitoring, and quality review of required activities for active and prospective third party vendor services, with a focus on identifying and mitigating cybersecurity risks to protect the organization’s data and systems.

Responsibilities

• Manage the Third Party Risk Management Program, with a specific focus on developing, enhancing, and implementing cybersecurity risk mitigation strategies, while providing oversight and governance to ensure effective management of vendor-related cybersecurity risks.
• Perform the vendor risk assessment process, including the review and scoring of risk questionnaires, focusing on identifying cybersecurity threats and completing the overall risk assessment to ensure the security of third-party systems.
• Support the development and maintenance of a master vendor list, including data cleansing, validation, de-duplication, and ensuring that all vendor data adheres to security standards.
• Report and monitor vendor cybersecurity risks, including data collection and analysis, periodic ongoing reporting, and monitoring to identify potential security breaches or non-compliance.
• Ensure that potential cybersecurity issues are raised promptly to senior management, with a focus on identifying options to mitigate risk and protect sensitive information.
• Support business relationships with vendors and internal stakeholders to ensure a comprehensive vendor risk assessment program is in place.
• Ensure alignment of the vendor risk management program with key cybersecurity compliance requirements, including PCI and GDPR, to safeguard the organization’s data and systems.
• Assist with aligning vendor controls to demonstrate how they are mitigating information security risks, particularly around data protection and system integrity.
• Understand technical implementation details necessary to identify, assess, and mitigate vendor security risks, providing recommendations for effective controls.
• Collaborate with Information Security Technical teams to communicate technical cybersecurity risks to business leaders and ensure risk mitigation strategies are in place to protect organizational assets.
  
  

Requirements

• 2+ years of experience in CyberSec Third Party Risk Management, Information Security, CyberSecurity.
• Proven experience with data administration and analysis, with a focus on cybersecurity risk data.
• Preferable certifications: CISA, CISSP, CISM or other cybersecurity-related certifications.
• Experience with industry standard security frameworks such as NIST, ISO, COBIT.
• Knowledge of OneTrust, JIRA and ServiceNow is an advantage.
  
  

Benefits And Form Of Employment

Contract of employment (permanent contract after trial period)

• Possible hybrid model (2 days from the office weekly)
• Option to participate in trainings and conferences
• Staff travel benefits from day one
• Multisport card
• Private health care
• Group insurance scheme
  
  

Other Benefits

• Possibility of taking part in trainings and certifications
• Great chance to meet your colleagues in other offices
• Annual events (i.e. St. Patrick’s Day )
• Regular social meetings
• Paid referral system
• New office building surrounded by great dinettes right in the city centre