Legal Third-Party Management and Information Security Risk Lead

Citi

Location:
United Kingdom, Belfast

Contract Type:
Not provided

Salary:
Not provided
Job Description:

As part of the Legal Outside Counsel, Third Party Management and Operations team, the Legal Third-Party Management and Information Security Risk Lead is accountable for maintaining the Legal Third Party Information Security and Controls Assessment program within Global Legal Solutions (GLS). This is a senior-level, non-attorney role responsible for providing legal support to the Citi Legal team. It requires a pragmatic, proactive professional with a thorough understanding of risk and compliance.

Job Responsibility:

  • Manage and oversee a set of complex initiatives that span multiple lines of business in the Cyber Security (CS), Information Security (IS) and Third-Party Risk Management (TPRM) space for Global Legal Solutions
  • Assess the risks and effectiveness of Third Party IS processes and controls based on enterprise requirements ensuring the IS risk is within tolerance
  • Evaluate the design and execution of the Legal IS Program, identify potential enhancements, and drive implementation of the governance, methodologies and tools required for effective oversight of Third-Party Management IS risk, continually strengthening the Program
  • Assist the day-to-day activities within the TPM Risk and Info Sec group
  • Monitor, track and control outcomes to resolve issues, conflicts, dependencies and critical path deliverables related to issues and gaps found in the TPISA process
  • Drive implementation of the enterprise Third Party Management controls required to be assessed as part of the Managers Control Assessment, review results, and determine whether remediation actions are appropriate
  • Document control design, testing methodology, and evidence for effectiveness reviews in compliance with Citi's Risk and Control Standards
  • Contribute to quarterly control certifications, issue management processes and audit engagements

Requirements:

  • Ability to assess residual risk in complex vendor environments and make sound defensible recommendations
  • Experience applying risk-based frameworks to prioritize issues and mitigation efforts
  • Strong interpersonal skills for engaging legal, compliance, technology, procurement and senior risk stakeholders
  • Proficiency in creating clear and concise reports and dashboards, and governance experience
  • Leading or supporting cross-functional projects, ability to support risk transformation initiatives, and integrating evolving legal tech and regulatory guidance into assessment methodologies
  • Bachelor’s degree or equivalent

What we offer:

  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretionary annual performance-related bonus
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Private medical insurance packages to suit your personal circumstances

Additional Information:

Job Posted:
April 24, 2025

Employment Type:
Fulltime

Work Type:
Hybrid work
