JOB DESCRIPTION

Description

The External Assurance Manager is responsible for security assurance and Governance, Risk, and Compliance (GRC) activities relating to the Company’s clients, partners, and third parties. The External Assurance Manager is the first point of contact for security-related due-diligence requests, client and partner audits, regulatory or certification inquiries, and any contractual negotiations that involve the Company’s information-security obligations.

Requirements

What You’ll Do:

• Provide accurate, valid, and appropriate responses to externally initiated security and data protection queries, questionnaires, or requests for information (RFI) / requests for proposals (RFP).
• Manage client-requested security reviews (on-site or virtual) including explanation of controls within the environment, presentation of evidence, planning and co-ordination of pre and post audit activities.
• Assess the security risks associated with third party entities the Company works with to ensure appropriate controls are in place to maintain the Confidentiality, Integrity, and Availability of their environment(s). Perform the necessary on-site and / or remote third-party security assessments of critical third parties to ensure their controls are effective.
• Produce high quality reports which articulate the risks associated with third parties and provide subject matter expertise guidance to support the next steps.
• Review contractual security clauses within agreements to ensure the Company can effectively meet its obligations and risks are managed. Take the lead on articulating the security posture and work with clients or third parties to find mutually agreeable language which maintains the integrity of the control requirement and provides the assurance needed.
  

  Who You Are:

   

• Good knowledge of all domains within security e.g., security management (cyber and physical), cloud technologies and controls, global data protection laws (GDPR, LGPD, PDPA, POPIA, PIPL), etc.
• Excellent written and verbal communication skills with the ability to effectively tailor communication of technically complex issues to various audiences.
• Demonstrable experience in a client facing aspect – as an assessor or as the assessed, consulting, account management, responding to security / operational / process questionnaires, bids, proposals, etc.
• Have a recognised security certification such as CISSP, CISA, CISM, ISO/IEC 27001 Lead Auditor, or equivalent experience.
• Be prepared to occasionally travel for assessments (includes international) – less than 10%
  

  Benefits

   

• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarised in the full job offer.
• We operate a discretionary global bonus scheme that incentivises, and rewards individuals based on company and individual performance.
• Control Risks supports hybrid working arrangements, wherever possible, that emphasise the value of in-person time together – in the office and with our clients – while continuing to support flexible and remote working.
• As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment processControl Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status”If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.Level of Education: Bachelor DegreeWork Hours: 8Experience in Months: No requirements