Job description
Location: UK
Role Purpose
The purpose of the Supplier Cyber Security Team is to measure, manage and reduce the Cyber Security risks posed by our suppliers to Vodafone. Supplier risk is recognised as one of the main sources of Cyber risk; the effectiveness of supplier controls is critical to protect Vodafone and our customer data.
This role is responsible for the cyber security risk management of the end-to-end lifecycle of Vodafone suppliers, from contracts and onboarding to end of life, including information security reviews across Vodafone UK, encompassing internal reviews and inspections of critical suppliers to ensure compliance with our security and data protection policy. The role is key in managing and reducing the Cyber Security risks posed by our suppliers across all Vodafone using tools and associated processes, covering different controls throughout the supplier lifecycle.
We are in the process of delivering against our 2025 vision, with the first stage being centralisation of local market supplier activities into the global team. The role supports the globalisation programme and local markets as they go through the migration to create a single worldwide capability, as well as support to strategic programmes to ensure that information security obligations are met and to help develop and embed a culture of security awareness and control.
Role responsibilities include
- Owning the relationship with key suppliers to implement, monitor and track the key controls needed to minimise Vodafone risk;
- Tracking and reporting supplier security operational activities;
- Building a Supplier Community by owning the relationship with local markets to build expertise and drive the implementation of supplier cyber security capabilities across Vodafone markets;
- Working closely with the rest of Cyber Security, as well as Vodafone Procurement Company, Group Privacy and Group Corporate Security teams to support overall supplier management and governance;
- Developing a strategy and plan to ensure that Vodafone UK customer touch points (third party call centres) are provided with appropriate security and guidance, and conducting periodic security inspections to assess the effectiveness of controls.
- Providing support to the business to facilitate out-source/off-shoring strategies by conducting a risk assessment and security audit of the parties concerned where required.
- Identifying areas of continuous improvement in our tools and processes, both within the SCS team and with the stakeholders we impact. Taking team responsibility to project manage prioritised initiatives that will deliver an improved outcome for Vodafone, our suppliers and our customers.
With us you will:
- Liaison with suppliers to gather relevant information and establish the level of cyber security risk
- Support internal stakeholders within Vodafone to help them understand the supplier security process, relevant policies and outputs from the process
- End to end cyber security risk assessments on suppliers and tracking risk reduction plans
- Develop and maintain the interface between the supplier security process and other risk processes within Vodafone
- Operation and development of relevant processes, tools and reports
- Achievement and maintenance of effective supplier information security controls across Vodafone
- Assessments coverage of in-scope suppliers across Vodafone
- Closure of risk action plans as well as issues identified as part of the independent security rating service
Apply if you have:
- Knowledge and experience of third-party information security risk management, and general information security background (previous work with ISO27001 or similar information security standard would be beneficial).
- Excellent negotiation & influencing skills with ability to work and drive collaboration inside and outside of Vodafone.
- Ability to work with complex and varied data sources to identify recommendations and create meaningful reports/presentations that accurately reflect performance and trends.
- Ability to problem solve through simplification and innovation with a focus on the outcome, value and experience.
- (Desirable) information security or risk management qualification such as CISSP, CRISC or CISM
- (Desirable) ISO 27001 lead auditor or CISA
- (Desirable) Project Management and/or Business Change qualifications or experience
- (Desirable) Contract Management experience
Check out the application process and get to know us better here: https://careers.vodafone.co.uk/technology
https://careers.vodafone.co.uk/working-at-vodafone
Read more stories here: https://careers.vodafone.co.uk/posts