Description:
Grade Level: L1
Location: Islamabad
Last Date to Apply: 22 January 2025
What is a Supplier Cyber Risk Analyst?
A Supplier Cyber Risk Analyst is responsible for assessing and monitoring the cybersecurity risks posed by third-party vendors or suppliers, ensuring they comply with regulatory frameworks and international standards (ISO 27001, ISO 27017, PCI DSS, NIST CSF, SOC 2, etc.), and collaborating with stakeholders to integrate suppliers into the organization’s cybersecurity program. This role focuses on building a robust third-party/supplier risk management framework, managing supplier-related incidents, ensuring continuous oversight of supplier security posture, and leveraging supplier monitoring tools to evaluate and monitor supplier risks.
The role helps to reduce the cyber risk posed by suppliers and to protect Jazz’s information assets against possible attacks by threat actors via backdoors created by partners or suppliers.
The role reports directly to the Stream Head Cyber Security, with an extended team of 10 members.
What does a Supplier Cyber Risk Analyst do?
· Develop, implement, and manage a Third-party/Supplier Risk Management (TPRM/SRM) framework aligned with industry standards and organizational requirements.
· Conduct security risk assessments of suppliers and partners during onboarding and periodically.
· Evaluate SOC 2 reports, security certifications, and compliance evidence provided by the partners/suppliers.
· Maintain a risk register for all third-party vendors or suppliers and update it regularly with risk assessment findings.
· Collaborate with internal stakeholders to manage supplier risks effectively.
· Act as a liaison between the internal team and suppliers to ensure the implementation of robust security controls.
· Collaborate with relevant stakeholders to include cybersecurity clauses in supplier contracts.
· Analyse technical vulnerabilities in suppliers’ systems and applications to assess potential risks. Provide technical guidance and support in identifying, prioritizing, and addressing critical vulnerabilities.
· Analyse penetration test reports and other due diligence documents.
· Ensure suppliers’ compliance with applicable cybersecurity policies, procedures, and frameworks such as ISO 27001, NIST CSF, PCI DSS, etc.
· Coordinate with suppliers to implement necessary security controls and remediation measures.
· Incorporate suppliers into the organization’s cybersecurity incident management process and engage them in it.
· Coordinate with suppliers during cybersecurity incidents, ensuring timely reporting and resolution.
· Document and track supplier-related incidents, escalating critical issues to senior management.
· Continuously monitor the cybersecurity posture of suppliers and fourth-party vendors through questionnaires or other monitoring tools, ensuring real-time updates on supplier risk profiles.
· Conduct security audits of suppliers to verify their compliance status.
· Prepare periodic risk reports for leadership, highlighting key supplier risks and recommended mitigations.
· Conduct training for internal teams on third-party or supplier risk management processes and best practices.
Jazz is an equal opportunity employer. We celebrate, support, and thrive on diversity and are committed to creating an inclusive environment for all employees.
Requirements
What are we looking for and what does it require to be a Supplier Cyber Risk Analyst?
Benefits
As one of the leading employers in the country, Jazz epitomizes the philosophy that each Jazz employee is passionately living a better every day inspired and enabled by visionary leadership, a unique professional culture, a flourishing lifestyle, and continuous learning and development.
As one of the largest private sector organizations in Pakistan, our objective is to continue to change the lives of our 75 million customers for the better. This is an opportunity for someone who wants to be part of something transformative, someone who can play a critical role in driving our success. Together, we can empower millions more with the tools necessary to progress in an increasingly digital economy.