Legal Third-Party Management and Information Security Risk Lead

Citi

Location:
United Kingdom, Belfast

Contract Type:
Not provided

Salary:
Not provided

Job Description:

As part of the Legal Outside Counsel, Third Party Management and Operations team, the Legal Third-Party Management and Information Security Risk Lead is accountable for maintaining the Legal Third Party Information Security and Controls Assessment program within Global Legal Solutions (GLS). This is a senior-level, non-attorney role, responsible for providing legal support to the Citi Legal team. The role requires a pragmatic, proactive professional with a thorough understanding of risk and compliance.

Job Responsibility:

  • Manage and oversee a set of complex initiatives that span multiple lines of business in the Cyber Security (CS), Information Security (IS) and Third-Party Risk Management (TPRM) space for Global Legal Solutions
  • Assess the risks and effectiveness of Third Party IS processes and controls based on enterprise requirements ensuring the IS risk is within tolerance
  • Evaluate the design and execution of the Legal IS Program, identify potential enhancements and drive implementation of the governance, methodologies and tools required for effective oversight of Third-Party Management IS risk, continually strengthening the Program
  • Assist the day-to-day activities within the TPM Risk and Info Sec group
  • Monitor, track and control outcomes to resolve issues, conflicts, dependencies and critical path deliverables related to issues and gaps found in the TPISA process
  • Drive implementation of the enterprise Third Party Management controls that must be assessed as part of the Managers Control Assessment, review results, and determine whether remediation actions are appropriate
  • Document control design, testing methodology, and evidence for effectiveness reviews in compliance with Citi's Risk and Control Standards
  • Contribute to quarterly control certifications, issue management processes and audit engagements

Requirements:

  • Ability to assess residual risk in complex vendor environments and make sound defensible recommendations
  • Experience applying risk-based frameworks to prioritize issues and mitigation efforts
  • Strong interpersonal skills for engaging legal, compliance, technology, procurement and senior risk stakeholders
  • Proficiency in creating clear and concise reports and dashboards, and experience with governance processes
  • Experience leading or supporting cross-functional projects, supporting risk transformation initiatives, and integrating evolving legal tech and regulatory guidance into assessment methodologies
  • Bachelor’s degree or equivalent

What we offer:

  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretional annual performance related bonus
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Private medical insurance packages to suit your personal circumstances

Additional Information:

Job Posted:
April 24, 2025

Employment Type:
Full-time
Work Type:
Hybrid work
