IT Security/Privacy Vendor Manager

Description :

Role : Security and Privacy Vendor Manager

The Security and Privacy Vendor Manager reports into the Chief Information Security Officer (CISO) and is accountable and responsible, on a global basis, for all Security and Privacy vendors for Company.

Your Role :

The Security and Privacy Vendor Manager is responsible for managing relationships with security vendors and overseeing the performance and service delivery of a managed security partner. This role ensures that all security and privacy services provided by external vendors meet the organization's standards and requirements, and that they align with the company's overall security and privacy strategy. The Security and Privacy Vendor Manager will work closely with Global Security to design and monitor Company vendors and will represent Company across relevant governance forums.

Key Responsibilities / Duties :

Vendor Management :

- Develop and maintain strong relationships with security vendors to ensure high-quality service delivery.

- Negotiate contracts, service level agreements (SLAs), and pricing with vendors.

- Monitor vendor performance against SLAs and key performance indicators (KPIs).

- Conduct regular vendor reviews and audits to ensure compliance with contractual obligations and company policies.

- Address and resolve any issues or disputes with vendors in a timely manner.

Oversight of Managed Security Partner :

- Oversee the day-to-day operations of the managed security partner to ensure they meet the organization's security needs.

- Coordinate with the managed security partner to implement security and privacy policies, procedures, and controls.

- Ensure that the managed security partner adheres to the organization's security standards and regulatory requirements.

- Review and approve security and privacy incident reports and remediation plans provided by the managed security partner.

- Conduct regular performance reviews and assessments of the managed security partner.

Strategic Planning and Execution :

- Collaborate with internal stakeholders to understand security and privacy requirements and objectives.

- Develop and implement a vendor management strategy that aligns with the organization's security and privacy goals.

- Identify opportunities for improvement in vendor services and work with vendors to implement changes.

- Stay informed about industry trends and emerging security and privacy technologies to make informed recommendations for vendor selection and management.

Risk Management :

- Assess and mitigate risks associated with vendor relationships and managed security services.

- Ensure that vendors and the managed security partner comply with relevant security and privacy standards and regulations.

- Develop and maintain a risk management framework for vendor and partner oversight.

Reporting and Communication :

- Provide regular reports to senior management on vendor performance, security and privacy incidents, and risk management activities.

- Communicate effectively with internal stakeholders, vendors, and the managed security and privacy partner to ensure alignment and transparency.

- Prepare and present reports on the effectiveness of vendor and managed security and privacy partner services.

Qualifications :

Education and Experience :

- Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field.

- Minimum of 6 years of experience in vendor management, security management, or a related role.

- Experience managing relationships with security vendors and overseeing managed security services.

Skills and Competencies :

- Strong understanding of information security principles, practices, and technologies.

- Excellent negotiation, communication, and interpersonal skills.

- Ability to manage multiple vendors and projects simultaneously.

- Strong analytical and problem-solving skills.

- Knowledge of relevant security and privacy standards and regulations (e.g., ISO 27001, NIST, GDPR).

- Proficiency in using vendor management and security monitoring tools.