Cyber Security Third Party Risk Manager (United Kingdom) in Cowbridge

DXC cultivates a work environment that attracts and retains some of the most skilled talent in today’s workplace. With a strategic focus on our people and our customers, we are committed to doing what’s best for both. That’s why we’re creating a workplace where employees seize change as an opportunity to accelerate their careers and amplify customer success.

Due to continued growth, DXC Technology has an exciting opportunity for an industry-leading Cyber Security Third Party Risk Manager based in the UK. You will work daily with the Supply Chain and our Business to assess vendors against cyber controls and ensure DXC is informed of vendors lacking cyber discipline and protected from engaging in high-risk relationships. We are looking for an individual enthusiastic to cultivate and build on our existing process, leveraging our tooling and AI. An individual who can establish a vision and rally a team around this vision. The candidate must be effective at communicating with various levels of IT leadership and work collaboratively across a matrixed organization. Successful candidates will be required to be eligible for SC clearance.

Responsibilities

• Manage and facilitate the overall cyber risk assessment function for third-party vendors.
• Own the process to conduct cyber risk assessments on vendors, manage risks related to those assessments, and respond to client requests about DXC’s cyber posture.
• Continuously monitor third-party vendors for changes in posture and adverse alerts.
• Track and mitigate risks that result from third-party assessments.
• Collaborate with Supply Chain and Legal to continually streamline and mature the third-party cyber risk assessment process.
• Maintain process alignment with the NIST Cybersecurity Framework.
• Contribute to the documentation of policy and standards changes related to third-party risk.
• Be our cybersecurity subject matter expert for third-party risk.
• Provide reporting metrics that tell the story of third-party risk from a cyber perspective and use these metrics to inform and drive improvements to the process.
• Manage a team of risk analysts to carry out the service, provide guidance, and cultivate their individual growth.
• Educate and increase awareness of information security policies and best practices.
• Deliver strong written and presentation skills to senior leaders regarding the global risk profile.

Required Skills

• Strong communication and business relationship skills.
• Delivery-focused mindset that will be able to work in a fast-paced environment with shifting priorities.
• Ability to organize and execute projects to drive process improvements.
• Knowledge of a wide variety of information security concepts, services, and technologies.
• Ability to present and discuss IT security strategy and business decisions with senior management.
• Maintain a solid understanding of cyber risk, controls mapping, and business processes.
• Ability to act independently when making technical or business decisions.
• Knowledge of information security best practices, regulatory concerns, and security standards.

Education and Experience

• Demonstrable years of relevant experience desired.
• Several years of experience conducting third-party risk assessments using risk and control frameworks, including ISO, NIST, or other industry standards.
• Proven experience in cybersecurity management roles.
• IT Security, technology, or other relevant Certifications are a plus.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritises in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.