Third Party Security Analyst

The Cyber team at Bupa is growing and we are on the lookout for a third-party security analyst.

The Third-Party Security Analyst will partner with project teams that are seeking to engage with new vendors whereby its proposed they manage our regulated entities information assets and work with these vendors to perform an assessment of their information security capability to ensure adequate controls are maintained and the introduction of new security risk is avoided

**Responsibilities**
- Carry out third party security due diligence assessments to inform our business of the third party’s security exposure prior to entering into contractual agreement.
- Conduct assessments through triage processes and security questionnaires to understand the supplier’s security maturity and gaps o Evaluating the design of that party’s information security controls
- Communicate and report these within a risk context and gain agreement with internal Bupa stakeholders and the third-party provider on the remediation plan
- Monitor third party’s attack surface observations and raise remediation requests where appropriate
- Perform monitoring and oversight over agreed remediations, and validation prior to closure
- Providing support to the Cyber Security Incident response team for any Third-Party incident response testing / simulations or real-world cyber incidents (where required)
- Working with Security testing teams to coordinate regular controls testing commensurate with the rate at which the vulnerabilities and threats change; and the materiality and frequency of change to information assets managed by our third parties (where required)
- Prepare scheduled and ad-hoc reports demonstrating the status of third-party security risk profiles, issues, trends, and improvement initiatives
- Supporting Security Risk Assessments (where required)
- Maintain Bupa’s third-party assessments repository

**What will I bring?**
- 2-4 years’ experience in Information Security, or a related field
- Tertiary qualifications in an appropriate Information Technology discipline or equivalent professional experience
- Knowledge of security and risk frameworks including ISO-27000 series, SABSA, CISSP and NIST
- Experience operating in an APRA and/or PCI regulated industry sector (preferred)
- Strong business and commercial acumen with a focus on the customer and business outcome
- Excellent oral and written communication skills including quality, concise technical documentation, report writing and presentations
- Excellent team player working within matrix structures, with demonstrated ability to broker outcomes effectively and collaboratively with colleagues and peers
- Vendor and partner management experience, including professional services and technology vendors

**What’s in it for you?**

As well as a competitive salary, a range of Bupa benefits and flexible working/ work from home, you’ll be challenged and encouraged to innovate. You will collaborate strongly with colleagues who are committed to delivering exceptional experiences. We trust, respect and consider everyone, knowing your difference will make the difference. Other benefits include discounts on health insurance, as well as access to our new global wellbeing program, Viva.

Viva has been designed to help you to live a healthy and happy life. It encompasses a comprehensive health and wellbeing program which includes access to health insurance benefits that will assist with covering the cost of medical treatment, information and education sessions, and preventative healthcare screening such as annual health assessments and skin checks. You will also be eligible to access various discounted products and services through our VIVA wellbeing partnerships.