    Senior Third-Party Cyber Risk Management Analyst

    Warszawa
    Type of work: Full-time
    Experience: Senior
    Employment Type: Permanent
    Operating mode: Hybrid

    Tech stack

    • Risk Management: advanced
    • Cybersecurity: advanced
    • IT Security: advanced
    • Party Risk Management: regular
    • Information Security: regular
    • Cloud environments: regular

    Job description

    Online interview
    Friendly offer

    Circle K Business Centre is a shared service center which supports Circle K Europe operations through a wide range of services within Finance & Control, Information Technologies, Human Resources, Transport Fuel and Customer Service.


    Circle K is part of the Canadian company Alimentation Couche Tard Inc. (Couche-Tard), one of the world's largest joint-stock convenience retail companies, listed on the Toronto Stock Exchange (TSE). It has operations in North America, Europe, Asia and the Middle East. It has approximately 12,300 sites across its network in North America (U.S. and Canada), Europe (Norway, Sweden, Denmark, Ireland, Poland, the Baltics), Asia and the Middle East. We are a family of more than 100,000 merchants making it easy for our customers around the world.


    The Third Party Cyber Risk Management (TPCRM) team is recruiting a senior third-party cyber risk analyst who will serve as a subject matter expert. This role provides subject matter expertise and manages and performs the key functions necessary to satisfy the Third-Party Cyber Risk Management program, including program projects and strategic initiatives. This role is accountable and responsible for providing expert risk analysis and information to business and risk management leadership. Additionally, the analyst establishes rapport with the business to support the company's overall IT and security governance, risk management, and compliance program with third-party vendors. The role supports implementing and maintaining our third-party platform and policies and a comprehensive control framework for enterprise-wide third-party risk management. The analyst provides expert guidance to department management and business lines to ensure compliance and mitigation of risks, and contributes to objectives that support department strategic goals. This position reports to the third-party cybersecurity management senior manager.



    Key Responsibilities:


    • Develops and maintains strong working relationships with business areas throughout the enterprise. Advises business lines and IT team on security requirements and best practices.
    • Build and foster a strong rapport and relationships across the enterprise to collaborate with key stakeholders, including Procurement, Legal, Physical and Cybersecurity, Compliance, Privacy, Technology, and other business functions to identify, assess, and design plans to mitigate and monitor risks associated with third parties.
    • Perform in-depth risk domain and cybersecurity risk assessments; assess the overall security stance of third-party entities; detect vulnerabilities and areas of noncompliance; and develop mitigation strategies aligned to industry standards.
    • Leverage intelligence, industry best practices (NIST, ISO, etc.), and the regulatory landscape (such as GDPR, SOX, etc.) to ensure a rounded assessment of the risk posed to the organization.
    • Create and present detailed, high-quality risk reports, clearly articulating risk findings with recommendations, and maintain a comprehensive risk assessment and related documentation inventory.
    • Coordinate third-party risk management activities, including communicating with vendors about cybersecurity zero-day vulnerabilities.
    • Key participant in strategic planning activities, cybersecurity projects, or District or System priorities, including workgroups and initiatives as requested.
    • Collaborates, as appropriate, with Enterprise Risk Management, Legal, Procurement, and other risk functions to maintain an Enterprise Third Party Risk Management Program.
    • Key participant in developing and enhancing processes and procedures for the Third Party Cyber Risk Management program, including due diligence activities, continuous monitoring, and frameworks to enhance the efficiency and effectiveness of the overall program.
    • Understanding business needs and dedicated to delivering high-quality, prompt, and efficient service.
    • Knowledge of relevant regulations, standards, and frameworks related to third-party risk management, such as NIST 800-53, NIST CSF, NIST RMF, SOX, GDPR, and other industry-specific frameworks.
    • Must be a self-starter who is comfortable operating independently and able to navigate with autonomy; provide updates on progress, re-confirm priorities, be flexible, and seek clarity/help in the event of roadblocks.



    Position Requirements:


    • Bachelor's Degree
    • 3-5 years of work experience related to Third Party Risk Management, supplier risk management, vendor risk management, and/or cyber risk management.
    • Strong knowledge of information security concepts and controls (including AI and Cloud Environments)
    • Understanding of regulatory requirements pertaining to information security, privacy, and/or data security
    • Ability to consult with customers in a service advisory capacity
    • Self-driven; able to manage schedules, meet deadlines, coordinate with others, perform tasks, and work independently with minimal supervision
    • Strong project management skills, with the ability to work with multiple customers, deadlines, and priorities
    • Organized and effective with time and meeting management
    • Strong interpersonal and communication skills with the ability to ask questions, actively listen, escalate roadblocks, and interact effectively at multiple levels
    • Strong analytic skills and attention to detail
    • Preferred Certifications: CTPRP, CISSP, CRISC, CISM, CISA



    What do we offer?


    • Contract of employment
    • Annual bonus
    • Private medical care
    • Possibility for author's tax deduction
    • Cafeteria Platform/Multisport
    • English lessons subsidized by the company
    • Group insurance
    • Attractive discounts for products and services at our stations
    • Employee stock purchase plan
    • LYRA
    • Modern and convenient office that you can virtually visit here - https://goo.gl/maps/CLteHfYcdYMbdESq6
    • Trainings & possibility to develop skills in a wide international environment


    When working with us you can depend upon it that you will not be judged on the grounds of race, national origin, gender, sexual orientation, disability, age, or other legally protected status. On the contrary, we believe that our diverse and inclusive culture helps us create an amazing atmosphere where everybody feels welcome.


    Check who we are here: https://youtu.be/td-QGnNnvW0


    Want to know even more about us? Take a look at our career page: https://workwithus.circlek.com/global/en/businesscentrewarsaw


    Interested?

    We encourage you to apply.


    We know great companies are built from within, by great people like you. Come grow with us!

    We're looking forward to your application.


    We hereby inform you that an Internal Notification and Follow-up Actions Procedure applies at Circle K Business Centre Poland sp. z o.o., with its registered office in Warsaw.

    The document describes rules for reporting violations of law by whistleblowers. The full content of the above-mentioned Procedure is available here: https://www.circlek.pl/o-nas/procedury-zgloszen

    Undisclosed Salary
