
Head of Third party due diligence

  • London, United Kingdom
  • Full time 40 hours
  • Permanent

Reporting to the Group Chief Information Security Officer (CISO), the Head of Third party due diligence will provide leadership and subject matter expertise to guide the design, implementation and ongoing operation of Third party due diligence and assurance across the group. The Flutter Cyber Security Third party due diligence team will support the divisions with the management of Third party cyber security assessment risk in line with the group risk appetite both within the division and as part of their third-party relationships.
This role will lead, manage, and direct a team in analysing and minimizing the risks associated with outsourcing to third-party vendors or service providers, ensuring those risks are effectively identified and managed. This includes the ongoing assessment of suppliers throughout the contract lifecycle, so that risk assurance processes provide regular, detailed, and accurate reporting on the state of divisional and third-party security.
The role has been designed to lead and execute the Third-Party Management transformation roadmap. It will provide regular reporting to senior management to explain the data and process. The role will lead in successfully implementing a central system/tool incorporating all due diligence Risk Assessment processes operated.

Responsible for:
- Based on the wider cyber security strategy, create, own and execute the roadmap for third-party supplier assurance, as well as third party security assessments within group projects and during M&A activity.
- Support and provide input into the wider Cyber Security strategy.
- Accountable for the Cyber Security Third Party Due diligence (TPDD) transformation program which will include processes for new supplier security risk assessment, existing supplier security risk assessment and termination activities as well as defining appropriate regular governance checks. Appropriate tooling and automation should be chosen to drive accuracy and efficiencies across the TPDD lifecycle. 
- Responsible for ensuring that the TPDD function is fit for purpose and satisfies regulatory and cyber compliance requirements whilst ensuring that the requisite capacity is available to offer a shared service across the Divisions.
- Responsible for defining and performing cyber security risk assessments of target companies during mergers and acquisition activity. The results will provide a security risk profile and assessment of current cyber security capabilities to support and inform negotiations.
- Responsible for the investigation and risk assessment of third parties post incident, providing detailed reporting and analysis to senior stakeholders
- Staying abreast of the global cyber risk landscape and adapting global cyber security assets such as the Flutter third party due diligence governance framework to ensure its continued relevance.
- Provide an effective challenge to the business areas when assessing the risks within their respective portfolio
- Responsible for attracting and retaining talent, ensuring that high performers are continuously challenged, and poor performers are supported to get on track.
- Foster a team culture of integrity and respect with a global outlook.  
- Participate in governance and oversight forums/committees.  
- Participate in industry cyber security forums as required to ensure that Cyber risks are understood and communicated across the Group.  

- Building Support; we establish close relationships with our stakeholders, underpinned by trust, integrity and respect. We are able to build awareness, understanding and positive momentum behind the Group technology strategy, often without being in a position to assert authority.
- Objective; we are impartial and unbiased, ensuring equal treatment for all and that decisions taken are based on objective criteria.
- Collaborative; we work effectively and in partnership with our stakeholders on shared goals that align towards the achievement of the Group technology strategy. We foster a collaborative environment and assume the role of leader when required.
- Adaptable; we understand and appreciate different and opposing perspectives on an issue and are able to adapt our approach in order to achieve a successful outcome.
- Strategic Thinking; we think about the big picture and use that perspective to support our Divisions to achieve competitive advantage through greater agility, faster time to market and a better customer experience.
- Strategic Communication; we are proactive and considered in our approach to stakeholder communications. We actively listen, provide constructive feedback and help others to consider new perspectives.

Role Specifics:
- An experienced information security governance, risk & compliance leader with a deep understanding of cyber security risk, including within third party supplier relationships.
- Experience of large scale transformation across multiple jurisdictions
- Proven experience in defining Cyber Security policy, standards and controls.  
- Strong working knowledge and experience of current IT Security frameworks such as ISO 27001, PCI, NIST, ISF, UKGC and Data Protection.  
- Demonstrate strong knowledge of Third Party regulatory obligations across multiple jurisdictions
- Must have experience of risk and performance reporting and issue escalation at all senior levels within a Third Party
- Attention to detail and ability to meet tight deadlines
- Working within the finance leadership team to support strategic decisions
- Experience leading a workflow automation implementation
- Reviewing and recommending improvements for organizational structure
- Working closely with the Head of Procurement on process improvement
- Managing a team of 10 (Evaluating, managing and mentoring)
- Evaluating and developing risk assessment and vendor performance processes
- Strategic thinking which can translate to a long-range vision for driving down Cyber Security risk across the divisions.   
- A developed ability to focus on ‘why this is important’ when it comes to communicating cyber security risk
- Proven track record in vendor management and procurement, preferably in a compliance/risk management or internal audit role
- Experience in leading diverse teams, ability to effectively collaborate across organizational boundaries and facilitate open communication between teams
- Outstanding written and verbal communication skills. Excellent negotiating and influencing skills; assertive and persuasive
- Strong organizational, analytic and multi-tasking skills. Ability to manage work well under pressure
- Able to adapt communication style to proactively deliver critical information to key stakeholders and to appreciate different and opposing perspectives across multiple divisions.
- Extensive experience of internal and external stakeholder management
- Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance.
- Excellent verbal and written communications skills with the ability to modify style to influence technical and business stakeholders.   
- A methodical approach to organising workload to ensure deadlines are met.  
