Security Risk Analyst (Third Party Risk)

A global Insurance Service provider is looking for a Third Party Information Security Risk Analyst.

This position will report to the APAC Third Party Regional Lead, Cyber Risk and Assurance, with a dotted line report to the CIO of Japan.

The global team is located in Singpapore, the UK, and India.

Responsibilities

• Management and completion of inherent risk ranking of ALL suppliers in compliance with the Global Third-Party Cyber Risk policy. This includes liaising with and working alongside the Global Third-Party team as well as Business relationship Owners.
• Risk assessments of Cloud providers
• Identification, tracking and management of issues and control deficiencies relating to Third Parties, including liaising with the business owners to support remediation activities.
• Maintenance and management of the Information Security Third Party Inventory and the Issues Register in co-ordination with the Enterprise Risk Management strategy and approach.
• Performance and execution of Third Party Cyber Risk assessments initiated by business.
• Where applicable, executing, management and oversight of performing Third Party assessments meeting applicable SLA s.
• Reviewing information security policies, standards, guidelines and baselines in place and being developed.
• Contributing towards Security Awareness Training and helping the business to improve understanding of and reduce Third Party risk to acceptable levels.
• Assist with internal security reporting, including steering committees and updates for senior management.
• Management of Third-Party related information security projects.
• Develop and enhance the programmed, progressing currently identified and future improvements to make the function more effective and efficient.
• Provide support to the TPCR Regional Lead and engage with the wider information Security team.
  
  

Required Skills

• High level of business acumen, preferably in a regulated/financial industry
• Five + years of information security experience with a focus on risk assessments and controls, governance, risk management, program development, compliance, and/or auditing. Previous experience of supporting or managing a Third-Party risk assessment programme is essential.
• Expert-level knowledge of both the business and technical aspects of information security, including third party security risk and European data protection regulation.
• Demonstrated ability to understand and analyse complex business processes and technologies to make sound recommendations to non-technical constituents
• Strong broad-based technical background (distributed/mainframe, database, web-based application development, etc.)
• Strong risk-based analysis and decision-making skills
• Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (e.g., SOC 1/2)
• eGRC system or similar system administration experience a plus
• Experience reviewing, and redlining agreements is a plus
• Ability to multitask and manage competing priorities
• Excellent time management and organizational skills
• Excellent interpersonal, customer service and conflict management skills
• Excellent written and verbal communication skills both in Japanese and English
• Proficient use of personal computers and Microsoft Office Suite
  
  

Why Should You Apply

• Long term work opportunity, plus WFH available
• Good opportunity for a challenge as team is in a transition phrase
• Straightforward, get going culture
• Flexibility working time
• Users/ team are logical and easy to change
• Great team dynamics and learning opportunity
• Opportunities to learn/brush-up English/Japanese language
  
  

Company Details

A leading global provider of property and casualty insurance, this company is known for its commitment to innovation, diversity, and employee development. With a strong presence in over 50 countries, employees have the opportunity to work in a dynamic and inclusive environment where personal and professional growth is encouraged. The company values collaboration, integrity, and excellence, offering comprehensive training, career development programs, and competitive compensation packages. A culture of respect and inclusivity is promoted, ensuring that employees feel empowered to contribute, grow, and make a difference in their roles while helping the organization deliver world-class insurance products and services globally.

Working Hours: 9:00 - 18:00 (Mon-Fri)

Working Style: 3 days work in office, and 2 days work from home

Holidays: Saturday, Sunday, National Holidays, Year-end and New Year Holidays, Paid Holidays

Services/Benefits: Transportation expenses up to 20,000 yen per month, plus Paid leave, plus social insurance (health insurance, welfare pension, and work-related accident insurance), Periodic health examination, and Employment insurance