Cybersecurity Assurance & Compliance Senior Analyst

Job Description:

This position is responsible for the workload management of the Vendor Cyber Risk Management (VCRM) program, quality assurance, VCRM framework enforcement as well collaboration with internal and external stakeholders to ensure vendor risks are properly identified, communicated, and mitigated. This role requires strong technical expertise in cyber security, assurance & compliance, third party cyber risk management, and continuous improvement.

Key Responsibilities:

• Workload management of the Vendor Cyber Risk Management program.
• Conduct quality assurance (QA) reviews of vendor assessments performed by the team.
• Execute comprehensive security assessments of critical third-party vendors based on a risk-based framework and supportive tools.
• Manage risk communication and mitigation strategies with Mars Business Partners and vendors.
• Release final assessment reports and coordinate remediation plan approvals.
• Maintain and update process runbooks and knowledge base.
• Consolidate and report program metrics to the leadership team.
• Cross-functional collaboration including Identity Management, Risk Management, Enterprise and Security Architecture, Internal Audit and TPRM teams to ensure program effectiveness.
• Suggest recommendations of enhancements and support the respective development and implementation to continuously improve the program.

• Acts as a subject matter expert in third party cyber risk management with strong communication skills to articulate complex technical messages to business stakeholders.
• Manages complex supplier cyber security assessments requiring special attention due to vendor risk profiles and/or business impact. Ensures risk mitigation aligns with Mars' global standards and risk tolerance.
• Pilots new technologies and process improvements to enhance program efficiency and effectiveness.
• Collaborates extensively with internal teams and external partners to deliver high-quality vendor risk management services within agreed SLAs.

• University degree in Information Systems, Computer Science, Cybersecurity, or equivalent.
• Infosec/cybersecurity certifications are differentiators.

• 4+ years in cyber security, assurance & compliance, third part cyber risk management, or audit roles.
• Practical experience with security frameworks (ISO/IEC 27001, NIST CSF, CIS). Strong project and demand management skills.
• Excellent verbal and written communication skills in English. Ability to lead cross-functional teams and influence stakeholders.
• Experience managing cyber risk assessments and quality assurance processes is a differentiator.