Supplier Assurance & Information Security Analyst

3-5 Years
  • Posted 2 days ago

Job Description

Introduction

The Information Security team exists to protect our commercially sensitive information. The team sits within our Group Security department, whose mission is to enable Dyson's business ambitions globally by creating a strong security culture. Our team protects Dyson's secrets, people and revenues through collaboration, communication and intelligence.

The Supplier Assurance Analysts ensure that the policies and standards we use to protect our information are followed and proactively enforced throughout our supply chain, through an annual audit and attestation program and through forming strong relationships to drive remediation activity. When partners or third parties place our intellectual property or sensitive information at risk of unauthorised exposure, the Supplier Assurance Analysts investigate and take the appropriate action to enforce our policies.

At Dyson, it's about more than our machines. We recognise that our success comes from our inventive people. We believe in including everybody and supporting you on your journey with us.

Overview and Main Responsibilities

As a Supplier Assurance Analyst your primary responsibilities will include:

Supplier Assurance:

  • Undertaking supplier information security assessments during the tender and on-boarding processes and throughout the lifecycle of contracts to ensure information assurance throughout the supply chain.
  • Producing high quality risk reports, with recommendations, to enable senior business owners to make the most appropriate risk decisions with regards to the use of suppliers.
  • Providing advice and guidance with regards to supplier selection based on assessment results.
  • Working with Dyson's Regional Security Managers and other key stakeholders to build an annual onsite audit plan covering Dyson's tier 1 suppliers.
  • Travelling to supplier sites nationally and occasionally internationally to conduct onsite audits and verify remediation activity.
  • Ensuring the effectiveness of the supplier assurance process, from on-boarding to contract-end.
  • Developing & managing the annual attestation process, to provide assurance of Dyson's tier 2 and 3 suppliers.
  • Facilitating treatment of supplier information security risk and ensuring risk is managed within Dyson's appetite.
  • Leading supply chain incident investigations, ensuring root cause is identified and corrective action is taken to prevent reoccurrence.
  • Reviewing and updating contract provisions and Dyson's third-party policies to ensure our requirements reflect best practice and align with Dyson's risk appetite.
  • Working with Dyson's Legal team to review suppliers' proposed amendments to security clauses in contracts we issue, to ensure Dyson is not exposed to unnecessary risk.
  • Producing monthly reports to track supplier remediation progress and risk reduction.
  • Identifying continual improvement opportunities.

Compliance by Design

  • Supporting the business in assessing, evaluating, treating and reviewing information risk as part of project, change and business-as-usual activity.
  • Promoting and encouraging a risk culture that underpins Dyson's values and drives risk awareness and accountability throughout the organisation.
  • Engaging with risk owners to ensure risks are managed within appetite, engaging subject matter experts as and when required to ensure treatment is fit-for-purpose and proportionate, and to facilitate informed decision making.

Experience & Key skills

  • Minimum of 3 years' experience in a corporate setting with responsibility for information security risk management, assurance, and governance.
  • Proven knowledge and experience with frameworks such as ISO 31000, NIST, and ISO 27001.
  • Ability to coordinate requirements and teams to identify, evaluate, assess, and treat information security risks both internally and across the supply chain.
  • Strong stakeholder management skills at all levels, as you will be required to communicate with a wide array of stakeholders throughout the organization.
    Experienced in finding and agreeing pragmatic solutions in collaboration with stakeholders.
  • Strong written and verbal communication skills, with confidence in presenting initiatives to senior management.
  • Excellent analytical skills: whether assessing a new process, project, or supplier, you can quickly identify key vulnerabilities, threats, and potential controls.
  • Solid understanding of digital, technology, and data risks, with a passion for emerging innovations such as artificial intelligence, blockchain, robotics, and cloud technologies.
  • Ability to work proactively under your own initiative.
  • Proactive in obtaining appropriate training, both in soft skills and technical areas.
  • Holding a certification such as CISA, CISM, CISSP, or CRISC would be an advantage.

The duties listed are not exhaustive. Additional hours of work may be required, as determined by the needs of the business. Managers and staff may be required to undertake additional duties, responsibilities and projects as appropriate.


Dyson is an equal opportunity employer. We know that great minds don't think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or any other dimension of diversity.

About Company

Dyson Limited, commonly known just as Dyson, is a Singaporean multinational technology company founded by James Dyson. First established in 1991 at Malmesbury, England, it designs and manufactures household appliances such as vacuum cleaners, air purifiers, hand dryers, bladeless fans, heaters, hair dryers, and lights. As of February 2018, Dyson had more than 12,000 employees worldwide.

Job ID: 138405849