Senior Cyber Analyst - Third Party Tech & Cyber Risk

The Senior Cyber Analyst is part of Third-Party Tech & Cyber Risk, which is part of the Technology & Cyber Risk function within the Technology Business Unit. This role will support the manager in aligning to the strategy and execution of our third-party technology risk management, third party cyber security management, relevant technology and cyber clauses within the contractual management process and overall governance of technology third parties. This role is responsible for adhering to and identifying improvements to relevant frameworks, policies, practices and controls to maintain the risk posture within the appetite.Adhere to the Third-Party Technology & Cyber Risk Management Framework and support the delivery of associated strategy, target state roadmap, and supporting processes and procedures.Conduct in-depth risk assessments and due diligence on potential and existing third-parties to identify risks and compliance gaps.Engage third-parties based on the non-compliance and potential cyber security issues identified via continuous passive security posture management technologies. Conduct risk assessments and develop a plan with the third-parties to remediate non-compliance and/or potential security issues.Establish and maintain the governance structure for ongoing management of third-party relationships, including regular performance and compliance reviews.Collaborate with all technology teams to embed effective vendor management practices aligned to the TAL Procurement Procedure and Vendor Management Model.Identifying potential areas for improvement for vendor governance, enhancement and upgrade by maintaining a good working knowledge of all services provided to TAL business units.Assist with the assurance and compliance activities to demonstrate the effectiveness of Third-Party Technology & Cyber Risk Management function. Address the corrective actions and resolve gaps identified during the assurance and compliance activities.Support and assist with the negotiation, implementation, and management of technology and cyber clauses in the third-party contracts with the Legal. Uplift those technology and cyber clauses in the contractual terms in line with regulatory and threat environment changes, as needed.Monitor and report on third-party compliance with technology and security requirements as well as their performance against contracts, and coordinate the corrective action, as neededDevelop and deliver training to internal stakeholders on Third-Party Technology & Cyber Risk Management practices