Legal Third-Party Management and Information Security Risk Lead

Citi

Location: United Kingdom, Belfast

Category: Legal

Contract Type: Not provided

Salary: Not provided

Job Description:

As part of the Legal Outside Counsel, Third Party Management and Operations team, the Legal Third-Party Management and Information Security Risk Lead is accountable for maintaining the Legal Third Party Information Security and Controls Assessment program within Global Legal Solutions (GLS). This is a senior-level, non-attorney role responsible for providing legal support to the Citi Legal team. It requires a pragmatic, proactive professional with a thorough understanding of risk and compliance.

Job Responsibility:

  • Manage and oversee a set of complex initiatives that span multiple lines of business in the Cyber Security (CS), Information Security (IS) and Third-Party Risk Management (TPRM) space for Global Legal Solutions
  • Assess the risks and effectiveness of Third Party IS processes and controls based on enterprise requirements ensuring the IS risk is within tolerance
  • Evaluate the design and execution of the Legal IS Program, identify potential enhancements, and drive implementation of the governance, methodologies and tools required for effective oversight of Third-Party Management IS risk, to continually strengthen the Program
  • Assist the day-to-day activities within the TPM Risk and Info Sec group
  • Monitor, track and control outcomes to resolve issues, conflicts, dependencies and critical path deliverables related to issues and gaps found in the TPISA process
  • Drive implementation of the enterprise Third Party Management controls required to be assessed as part of the Managers Control Assessment, review results, and determine whether remediation actions are appropriate
  • Document control design, testing methodology, and evidence for effectiveness reviews in compliance with Citi's Risk and Control Standards
  • Contribute to quarterly control certifications, issue management processes and audit engagements

Requirements:

  • Ability to assess residual risk in complex vendor environments and make sound defensible recommendations
  • Experience applying risk-based frameworks to prioritize issues and mitigation efforts
  • Strong interpersonal skills for engaging legal, compliance, technology, procurement and senior risk stakeholders
  • Proficiency in creating clear and concise reports and dashboards, and governance experience
  • Experience leading or supporting cross-functional projects, supporting risk transformation initiatives, and integrating evolving legal tech and regulatory guidance into assessment methodologies
  • Bachelor’s degree or equivalent

What we offer:

  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretionary annual performance-related bonus
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Private medical insurance packages to suit your personal circumstances

Additional Information:

Job Posted: April 24, 2025
Employment Type: Full-time
Work Type: Hybrid work
