Working for AMP
Working for AMP means being part of a company that values diverse thinking, encourages collaboration and promotes innovation. It’s an environment that offers challenging and exciting work as well as opportunities for professional growth. We’re flexible enough to allow you to make the most of your life, both professionally and personally.
We are looking for those that have the courage and agility to navigate changing and complex environments so that we can deliver the best solutions for our customers. We value people with integrity, an innate willingness to help others and an eagerness to perform to the best of their abilities.
We’re transforming our business, and we need people like you to join us on this journey.
About the role
The Third Party Risk Specialist will responsible for assisting with AMP’s internal processes that provide assurance to our stakeholders that their information assets are appropriately secured when managed by a third party.
Principally, the role has 4 main functions:
- Perform Assurance activities including Cyber assessments of AMP’s Third Parties, determining if appropriate activities are performed by the vendor that are commensurate with the risk to AMP’s information assets;
- Liaison with internal business, legal, commercial and technology stakeholders, advising of risk and recommending appropriate courses of action; and
- Identification of opportunities to improve and where possible automate the reporting capability of AMPs controls
Leading and mentoring of the third party analysts in the team.
- Providing Governance and Assurance over AMP’s Third Parties
- Conducting Third Party Cyber Assessments for new and existing suppliers
- Ensure Third Party Supply chain related risks are managed appropriately through Enterprise Risk Management process.
- Review and advise Commercial, Legal and Business teams on contracts and agreements for Cyber related clauses
- Reviewing third party assessment reports for quality
- Manage Third Party metrics reporting to senior stakeholders from across the organisation, driving secure and positive outcomes.
Capabilities & Experience
Extensive experience within information security governance, assurance, risk and / or compliance activities including:
- Experience with Cyber Frameworks such as ISO 2700x and / or NIST SPF.
- Understanding risk management and prioritization of risk related to Supply Chain Security.
- Experience on Third party risk assessments using assessment frameworks and tools e.g. Shared Information Gathering (SIG), Cloud Security Assessments CAIQ etc.
- Exposure to Third Party Risk assessments and management tools such as OneTrust, Archer, Bit-Sight etc.
- Broad understanding of IT Security principles associated with applications, networks, cloud services, cryptography, internet, email, operating systems, databases and malware, with high level expertise/specialisation in several of these fields.
- Understanding of various compliance certifications and reports viz. ISO 27001, PCI-DSS, SOC Reports.
- Understanding of Legal Regulations having an impact on Third Party Supply Chain e.g. CPS-234, GDPR, Privacy Act etc
- Experience/ Knowledge on Cloud Security, Cloud Vendor Assessments using CAIQ would be good have
- Tertiary qualifications within IT, or a related discipline
- CISSP / CISM / CISA / CRISC/ SABSA etc., all viewed favourably
Wellbeing & Benefits
As a company that values wellbeing, we offer a range of great benefits to support you financially, professionally and personally. These include access to a wide range of flexible working options including the ability to purchase extra leave, retail discounts, onsite wellbeing centre including a gym (Sydney Office), Employee Assistance Program, competitive home loan rates, leading superannuation contribution, discounted financial advice and personal insurance.
Inclusion & Diversity
AMP recognises individual differences and welcomes people from a variety of life and work experiences. The diversity of our people is core to our ability to innovate, grow and to fulfil our collective aspiration of helping people to own their tomorrow. A natural curiosity, a respect for differences and a growth mindset are valued at AMP.