3rd Party Risk Analyst
Full time, 37.5 hours
£45,000 Depending on experience
We’re a leading health insurer and healthcare provider, with care homes, health centres, dental practices and a hospital. With no shareholders, our customers are our focus. We reinvest profits into providing more and better healthcare for the benefit of current and future customers.
We believe in quality, affordable and accessible healthcare for all. If you share our purpose of helping people live longer, healthier, happier lives, then look no further, Bupa could be the perfect match.
Do you want to be part of our long-term plans? At Bupa we have a range of roles spread across many areas for you to choose from.
From global teams to developing our activity within the UK. All of our professional roles play a key role in delivering on our purpose.
About the Role
The 3rd Party Risk Analyst is responsible for carrying out the BGUK supplier risk management which consists of logging and tracking risks associated with the Supplier Risk Management (SRM)or Procurement onsite audits and assurance work ensuring that the confidentiality and integrity of BGUK data accessed, processed or stored by partners and third-party suppliers on behalf of the BGUK MU.
This role is responsible for ensuring that the supply chain risks are managed to a high standard (including identification, treatment and reporting).
What you’ll be doing
- Execute formal due diligence and risk assessment processes during the onboarding process where there is a requirement to allow, outsource, or transfer the hosting of information processing facilities and/or the information of the Company to an external supplier, to identify the requirements and specific controls necessary to facilitate and secure BGUK MU information and information processing facilities
- Manage the BGUK IT 3rd Party Risk Register. Ensure identified risks are owned, prioritised, escalated and managed in line with the UK Risk Management Framework.
- Assist both the third party the BGUK 3rd party IT Risk team and the SRM team with the risk remediation process ensuring risks are accurately treated including risk treatment options such as risk acceptance.
- Participate in the BGUK Supplier Risk Management assurance process by engaging in the pre audit TOR’s and familiarising with the supplier in question. Work with relationship managers and IT auditors to assess the output of the due diligence and formulate risks where appropriate.
- Work with the Supplier Relationship Managers and IT Auditors to ensure Risk registers are updated accordingly with identified weaknesses associated with the BGUK Third Party Suppliers and Partners.
- Maintain polite and courteous communications with both third-party contacts and internal stakeholders. Use people and negotiation skills to encourage participation from the third party and ensure co-operation.
- Preparing risk acceptance papers for when risk acceptance is the chosen risk treatment option.
- Maintain risk dashboards and performance related metrics for management review.
- Identifying compensating controls that can be used to reduce 3rd Party IT Risks to within Bupa risk appetite.
- Ensure appropriate relationships are maintained with the BGUK Procurement and SRM departments.
- Work with other functions such as IT Risk or Infosec to produce accurate risk reporting.
Who we’re looking for?
- Educated to Degree or equivalent level
- Extensive skills and experience across the IT spectrum including IT infrastructure, IT Security, IT Resilience.
- Exposure to prevalent industry standards such as ISO27001, FCA, PRA, ICO, PCI-DSS, CIS, ITIL etc.
- Certified in relevant IT risk and security certifications with preferably at least one of the following CISM, CRISC, CISA.
- The role requires a reasonable knowledge of IT security, IT infrastructure (e.g. file security, patching, vulnerability management, networking etc), IT Risk (DR, redundancy, BCP).
- The role requires strong IT and Security risk management knowledge, experience of risk management frameworks and operational risk management processes.
- Experience in planning and carrying out IT risk assessment, compliance and risk management activities.
- Experience of IT Risk Management concepts and preferably with 3rd party Risk Management experience with skills in Cyber and IT Risk.
- Experience working in a team-oriented, collaborative environment.
- Experience of IT Resilience strategies such as Disaster recovery, Business continuity for supplier assessments.
- Experience producing risk documentation such as risk assessments, risk acceptance and risk MI reports.
- Ability to make decisions on complex issues and communicate them effectively to technical and non-technical audiences
- Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including external customers or (CTO/CIO’s) at suppliers.
- Ability to maintain a high degree of confidentiality, even under pressure.
- The ability to weigh up the risk factors considering both business needs and protection of assets understanding the role is to present the options for the risk owner to decide upon the approach to take.
We’re driven by one purpose, helping people live longer, healthier, happier lives and that that means our people too. As a Bupa employee you’ll be entitled to some fantastic benefits which include 25 days holiday increasing to 30 days as your length of service increases, the option to buy and sell holiday, an enhanced pension plan, life assurance and income protection. You’ll join our annual bonus scheme, amount variable dependent upon your role and performance. Looking after your health is important to us and you can benefit from our health trust scheme where all our people have the option of taking our market-leading medical insurance cover, which includes mental health support and treatment, at a greatly reduced price as well as a free health assessment every 2 year. Your health and wellbeing matter to us and we provide lots of family friendly policies too. You can keep fit at our free onsite gyms (local gym discounts where no onsite gym). We will support you to get to work, offering a season ticket loan to spread the cost of an annual train/bus ticket as well as our cycle to work scheme
Whether you’ve found your feet or are discovering a new path. Welcome to a place that celebrates you. This isn’t where you’ve been. This is where you’re going. This is what we have belief in.
Bupa is committed to making sure that every applicant is assessed solely on the basis of
personal merit and qualifications, regardless of gender, sexual orientation, pregnancy or maternity, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.