This job listing has expired and the position may no longer be open for hire.

Compliance Senior Lead at Mars Incorporated

Posted in General Business 30+ days ago.

Type: Full-Time
Location: Morristown, New Jersey





Job Description:

This role: This position will be responsible for working with vendor relationship owners and vendors to ensure they have the proper IT security controls in place to minimize the risk to Mars. The candidate will be a technical subject matter expert who can evaluate vendor risk using the collected documentation and industry tools. This position is responsible for performing security assessments to identify and track these risks.

Traditional Mars IS roles are only scoped for Units that buy services from Mars IS. Security roles are scoped for all of Mars. This includes non-traditional lines of business, such as Multi-Level Marketing, Emerging PetCare, and Veterinary Services. Governing these "non-Mars IS" Units requires skill sets in technology that are not standard to Mars and influencing skills not required of other parts of the organization.

What are we looking for?

University degree in the field of Information Systems or Computer Science or equivalent work experience

Security Certifications are preferred but not required

7+ years in a security-related field or audit

What will be your key responsibilities:


  • Subject Matter Expert (SME) in assessing supplier security controls against security control frameworks (ISO, NIST CSF)

  • Develop a dynamic methodology to include required contractual language for vendors based on risk in partnership with Commercial

  • Provide leadership to junior members of the team on acceptable compliance evidence

  • Lead the steering committee with Vendors, Commercial, Legal, Third Party Risk Management and Business Partnership to define KPIs and track risk remediation, leveraging risk management and program KPIs on the vendors' cybersecurity performance.

  • Manage Commercial category (Direct/Indirect) and serve as the Point of Contact for EU vendors

  • Collaborate with Commercial to drive monitoring and compliance for our overall portfolio of suppliers

  • Responsible for stakeholder engagement with Corporate Legal to provide ongoing monitoring and compliance for International Privacy Legislation (GDPR and others)

  • Collect feedback from stakeholders to identify and implement process improvements

  • The role-holder needs to be a true subject matter expert, while also possessing strong communication skills in order to articulate technical messages clearly and comprehensively to varying groups of stakeholders.

  • The associate needs to ensure the right level of risk mitigation/management in accordance with global standards and Mars tolerance for risk.

  • It is imperative that the position can also explain the 'why' in terms of connecting Security requirements to our Mars Inc strategies and the business benefits of risk mitigation.

  • It is essential that they can act independently and define risk posture in line with corporate risk appetite.

  • The associate needs to understand privacy laws and the applicability of those laws to vendors in the portfolio.

  • The associate needs to be a subject matter expert in cybersecurity best practices and the assigned commercial category to ensure the proper cybersecurity and applicable privacy controls are operating effectively.

  • The associate will process the vendor (re)attestation of supplier personnel who have access to the Mars environment(s) to influence non-compliant vendors to comply.
