Manager - Third Party Tech & Cyber Risk

Company Description

Welcome to This Australian Life. 

From the millions of Australians we protect, to those that make it happen every day at TAL, people really are what we’re all about. We want to grow with you. Achieve with you. And support you to do your best work. That's why we're focused on developing leadership, promoting diversity, rewarding excellence and retaining great talent.

We're always looking for people who want to go further with us. People who do what’s right, aim high, and work smart.  Why not see where we can go?

Job Description

The Manager of Third-Party Tech & Cyber Risk will be part of the Technology & Cyber Risk function within the Technology Business Unit and will lead the strategy and execution of our third-party technology risk management, third party cyber security management, relevant technology and cyber clauses within the contractual management process and overall governance of technology third parties. This role is responsible for developing and improving relevant frameworks, policies, practices and controls to maintain the risk posture within the appetite.

Key Accountabilities:

• Strengthen the Third-Party Technology & Cyber Risk Management Framework and lead the delivery of associated strategy, target state roadmap, and supporting processes and procedures.
• Conduct in-depth risk assessments and due diligence on potential and existing third-parties to identify risks and compliance gaps.
• Engage third-parties based on the non-compliance and potential cyber security issues identified via continuous passive security posture management technologies. Conduct risk assessments and develop a plan with the third-parties to remediate non-compliance and/or potential security issues. 
• Establish and maintain the governance structure for ongoing management of third-party relationships, including regular performance and compliance reviews. 
• Collaborate with all technology teams to embed effective vendor management practices aligned to the TAL Procurement Procedure and Vendor Management Model.
• Instituting change in potential areas for improvement for vendor governance, enhancement and upgrade by maintaining a good working knowledge of all services provided to TAL business units.
• Collaborate with the Cyber Threat Management function and engage material and high risk third-parties to determine their exposure to critical and actively exploited external-facing vulnerabilities, as well as their security posture against emerging attacker tactics and techniques.
• Assist with the assurance and compliance activities to demonstrate the effectiveness of Third-Party Technology & Cyber Risk Management function. Lead the corrective actions and resolve gaps identified during the assurance and compliance activities.
• Support and assist with the negotiation, implementation, and management of technology and cyber clauses in the third-party contracts with the Legal. Uplift those technology and cyber clauses in the contractual terms in line with regulatory and threat environment changes, as needed.
• Monitor and report on third-party compliance with technology and security requirements as well as their performance against contracts, and coordinate the corrective action, as needed.
• Stay abreast of regulatory changes and industry best practices related to Third-Party Technology and Cyber Risk management to ensure the policies and procedures are up-to-date.
• Develop and deliver training to internal stakeholders on Third-Party Technology & Cyber Risk Management practices.
• Collaborate with cross-functional teams, including Technology, Risk (Line 2), Audit, Legal, Compliance, and Procurement, to ensure a cohesive and integrated approach to Third-Party Technology & Cyber Risk Management.
• Lead, mentor, and develop a team dedicated to Third-Party Technology & Cyber Risk Management function.
• Deliver the TAL Cyber Security Report to Group Partners to demonstrate TAL’s security posture on an annual basis. Lead the activities required to complete the Report, including but not limited to engaging various parts of Technology and the wider Business Units, collecting supporting evidence, leading interviews/workshops with the independent assessor.
• Respond to technology risk and cyber security related questions raised by Group Partners through the Business Units on an ongoing basis, and attend periodic governance meetings with the Group Partners as a representative of Technology & Cyber Risk function.
• Support the RFI/RFP activities led by the Business Units on behalf of Technology & Cyber Risk function.

Qualifications

• Bachelor's degree in Business, Finance, Information Technology, or a related field. Relevant professional certifications (e.g., CISM, CRISC, CISSP) is a plus.
• Minimum of 5 years of experience in Third-Party Risk Management, Technology Risk, Cyber Security, or a related field with proven experience of supporting, implementing and managing third party risk management programs.
• Strong understanding of regulatory compliance standards relevant to third-party risk and security (e.g., APRA CPS234 / CPS230, SOX, ISO 27001, NIST CSF, Privacy Act, SOCI, etc.).
• Strong communication skills with the ability to translate risk into business impact.
• Self-starter with strong organisational skills in a highly-adaptive and a fast-paced environment.
• Customer-oriented mindset and ability to apply collaborative approach to achieving business outcomes.
• Thinker and doer with a pragmatic approach to make decisions and at the same time focused on outcomes.
• Ability to lead and motivate both direct and indirect team members, and manage a developing team.

Additional Information

At TAL we value diversity in all its forms and are committed to fostering an inclusive and equitable culture for all our people. We encourage Aboriginal and Torres Strait Islander people, individuals from all backgrounds, including those with caring responsibilities, people living with disability, and individuals from the CALD and LGBTQI+ communities to apply. Even if you don’t check every box in the criteria above, we encourage you to apply today or get in touch with us here.   

To provide you with the best experience, we can accommodate you at any stage of the recruitment process. Simply inform our Recruitment team at any time.  

TAL is recognised by the Workplace Gender Equality Agency as an Employer of Choice.  We are proud to be a member of Diversity Council Australia and the Australian Network on Disability. For information on our reconciliation journey, take a look at our Innovate Reconciliation Action Plan.  

We acknowledge the Traditional Custodians of the Land in which our Head Office is based, the land of the Gadigal people of the Eora Nation, and recognise their deep connections to the land, sea, and culture.  
We extend this acknowledgment to the many Traditional Lands that we operate across and pay our respects to Elders past, present, and emerging.

Everyone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyone’s responsibility.

If you are already a TAL employee please apply via the SmartRecruiters button in Workday and navigate to the Employee Portal. This is important to ensure that your application is recorded accurately.