Supplier Security Consultant

Job Title – Supplier Security Consultant

Job Purpose

This is a role for an information security expert who will manage the risk associated with Admiral's supply chain. The consultant will be a lead supplier security contact for the Security Risk and Governance team and will build out and manage our supplier security platform.

The consultant will work closely with the Group Legal and Procurement functions to ensure that the information risk pertaining to supplier engagement is effectively quantified and mitigated through the identification and implementation of due diligence recommendations and clearly defined contractual obligations. These contractual obligations will include the mandatory requirement for technical and non-technical controls.

The consultant will develop and implement an ongoing supplier assurance programme to ensure high risk suppliers are identified and assessed on a regular basis commensurate with their impact on Admiral’s overall security posture.

The role includes operating and improving the supplier risk assessment and treatment processes to reduce Admiral’s cyber risk exposure to agreed and acceptable levels.

Main Duties

The consultant will:

• Ensure that information about Admiral’s exposure to supplier risk is readily available and that appropriate mitigating measures taken to reduce the associated risk.
• Analyse information security risks associated with new partnerships including potential impact and likelihood as well as identifying effective mitigating controls
• Ensure consistent and timely engagement in new IT and other business initiatives
• Take ownership of the information security due diligence process and liaise with stakeholders in procurement teams, contract managers and other stakeholders to ensure effective and appropriate information security engagement
• Develop and implement an ongoing supplier assurance programme based in our supplier security platform to ensure the effective management of risks associated with key and strategic suppliers with the greatest potential impact to Admiral’s security posture
• Perform individual supplier assessments remotely or on site as required as well as targeted risk assessments for specific areas of Admirals’ supply chain
• Maintain a high level of expertise to be applied to the evaluation and selection of mitigating controls
• Ensure that integration is in place between the risk management and project consultancy areas of the risk and governance team such that knowledge gained from due diligence and contract evaluation phase can be used to inform security engagement with IT and business projects
• Apply the information security risk assessment process to identify risks within the scope of the information security management system and identify the risk owners
• Act as a champion for information security initiatives and maintain high standards of integrity and professionalism

• Deliver risk assessment reports and risk treatment plans in a timely and repeatable manner
• Contribute to and maintain an effective risk management mechanism to ensure that Admiral has as accurate and current a view of information risk exposure as possible
• Support Security Improvement Programme initiatives as directed

Experience and Qualifications Required

The Supplier Security Consultant will have a strong grounding in information security risk management with a strong technical knowledge which includes requirements for cloud-based solutions. A degree education is preferred. A CISA, CISSP or similar qualification is highly desirable. A general understanding of security control assessment, risk assessment, risk management and controls is required. Further role specific skills will be developed during employment.

Essential skills

• Drive to implement improvements and take ownership of issues as they arise
• Knowledge and experience of using common risk methodologies and information security frameworks
• Strong technical background, e.g. knowledge of IT controls implementation and management
• Previous supplier security consulting experience

Desirable

• CISA, CRISC, CISM or CISSP

About Admiral

We're Wales’ only FTSE 100 company. We have forward-thinking approaches and provide endless opportunities to test, learn and grow. There's a reason we've been named a Best Place to Work: our progressive culture, core values, and commitment to diversity and inclusion have created a working environment where people share ideas, aren’t afraid to speak up and change things, and above all, feel valued.

Admiral has grown from being a small start-up into a multi-national organisation. The company is constantly investigating new products, services and markets and is now present in eight countries with a diverse product portfolio.

Our success goes hand-in-hand with having a strong culture where we put our people and customers first. Our philosophy is simple yet effective: people who like what they do, do it better, and this, in turn, means that our customers receive the level of service and products that they deserve. Our culture is honest, open and wholeheartedly focused on four key areas:

Communication, Equality, Reward & Recognition, and Fun.

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we're voted no. 1 in the 2019 Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

You can also view some of our other key benefits here; https://admiraljobs.co.uk/employee-benefits/.

If you think this role is for you and would like to be considered for this opportunity, please click “apply now” to complete an online application form.

Please note, we are unable to accept CVs via email and from agencies. 

#LI-LP1