This position is responsible for the workload management of the Vendor Cyber Risk Management (VCRM) program, quality assurance, VCRM framework enforcement as well collaboration with internal and external stakeholders to ensure vendor risks are properly identified, communicated, and mitigated. This role requires strong technical expertise in cyber security, assurance & compliance, third party cyber risk management, and continuous improvement.
Key Responsibilities:
Workload management of the Vendor Cyber Risk Management program.
Conduct quality assurance (QA) reviews of vendor assessments performed by the team.
Execute comprehensive security assessments of critical third-party vendors based on a risk-based framework and supportive tools.
Manage risk communication and mitigation strategies with Mars Business Partners and vendors.
Release final assessment reports and coordinate remediation plan approvals.
Maintain and update process runbooks and knowledge base.
Consolidate and report program metrics to the leadership team.
Cross-functional collaboration including Identity Management, Risk Management, Enterprise and Security Architecture, Internal Audit and TPRM teams to ensure program effectiveness.
Suggest recommendations of enhancements and support the respective development and implementation to continuously improve the program.
Context and Scope:
Acts as a subject matter expert in third party cyber risk management with strong communication skills to articulate complex technical messages to business stakeholders.
Manages complex supplier cyber security assessments requiring special attention due to vendor risk profiles and/or business impact. Ensures risk mitigation aligns with Mars’ global standards and risk tolerance.
Pilots new technologies and process improvements to enhance program efficiency and effectiveness.
Collaborates extensively with internal teams and external partners to deliver high-quality vendor risk management services within agreed SLAs.
Job Specifications/Qualifications:
University degree in Information Systems, Computer Science, Cybersecurity, or equivalent.
Infosec/cybersecurity certifications are differentiators.
Knowledge / Experience:
4+ years in cyber security, assurance & compliance, third part cyber risk management, or audit roles.
Practical experience with security frameworks (ISO/IEC 27001, NIST CSF, CIS). Strong project and demand management skills.
Excellent verbal and written communication skills in English. Ability to lead cross-functional teams and influence stakeholders.
Experience managing cyber risk assessments and quality assurance processes is a differentiator.
#TBdigital
We’re a unified force of 150,000+ Associates, taking action every day toward the world we want tomorrow.
Our Five Principles have kept us true to ourselves and to our commitment to treat others in ways that are consistent with those values. Having stood the test of time, these principles will continue, keeping us free to move quickly and plan for the future.
Quality - The consumer is our boss, quality is our work and value for money is our goal.
Responsibility - As individuals, we demand total responsibility from ourselves; as Associates, we support the responsibilities of others.
Mutuality - A mutual benefit is a shared benefit; a shared benefit will endure.
Efficiency - We use resources to the full, waste nothing and do only what we can do best.
Freedom - We need freedom to shape our future; we need profit to remain free.
Note to Parents:
https://www.mars.com/about/policies-and-practices/note-to-parents/np-english
For more information, please visit mars.com.
Follow us: facebook.com/mars, twitter.com/marsglobal, instagram.com/marsglobal/, youtube.com/mars
For more information about careers at Mars, please visit careers.mars.com
Follow us: facebook.com/LifeAtMars, instagram.com/LifeAtMars/, tiktok.com/LifeAtMars
Mars, Incorporated is not responsible for any content or activity made available via third party sites or services.
Page subject to:
mars.com/legal
mars.com/privacy
