Posting Date: 8 Jun 2021
Unposting Date: 29 Jun 2021
UK-England-London-London Support Centre
Starbucks - Technology
Job Purpose and Mission
This position contributes to Starbucks success by planning, developing, and directing the tactical as well as strategic technology security roadmaps. As the third-party security manager, you will be responsible for leading and driving completion of security and compliance assessments of third parties, combining experience with security risk management methodologies and technology systems analysis to support the mission, vision, and values of the Global Cyber Security Services team in its role of protecting the Starbucks brand from security, compliance, and privacy threats. This role works cross-functionally with various business partners throughout Starbucks EMEA and GCS, engaging often and collaborating with their respective teams, fostering relationships to help drive security, privacy and IT compliance principles adopted by the organization.
Models and acts in accordance with Starbucks guiding principles.
While supporting the delivery of the EMEA security roadmap, the third-party security manager will partner with senior analysts, technical resources, and business partners in the delivery of meaningful third-party security assessments, processes, and services for all third parties (incl. licensees).
Summary of Key Responsibilities
Represent the EMEA technology security team in key interactions with markets, vendors, licensees, regional, and global business, and technology leadership.
Leads third-party security risk assessments of vendors in support of business requirements related to EMEA technology security roadmap.
Developing and maintaining an accurate inventory of all vendors, classifying and continuous monitoring via annual re-certification.
Managing EMEA Global Licensing Framework Cybersecurity Assessments for all licensees on an annual basis.
Ownership of building and implementing procedural documentation and workflows (e.g., process flows & SOPs) in support of third-party security risk programs.
Monitors and evaluates the third-party security program creating actionable reports on findings and presents reports to the team and management stakeholders.
Responsible for providing continuous oversight of the GLF Cybersecurity program including maturity levels of EMEA licensees.
Identifies, reports, and advises on resolution of privacy, compliance or technology security risks and control gaps.
Provides leadership, management, and direction of all EMEA specific third-party security processes, documentation, and communications.
Manages third-party security control exceptions or deficiencies tracking and monitoring, assisting with remediation development.
Participate with the security organisation in developing and driving the implementation of technology security awareness and education campaigns to encourage adoption of policy, procedures, standards, or guidelines.
Defining and driving the Monthly Third-Party Security Risk Profile and Performance Dashboard.
Summary of Experience
Solid IT Security Risk Management experience.
Certifications such as CISSP, CCSP or others focused on IT Security, highly desired.
Required Knowledge, Skills and Abilities
Ability to collaborate across teams, both internal and external to GCS, fostering engagement and building relationships.
Experience in a cybersecurity assurance, supplier assurance, third party risk, technology risk internal/external audit focussed role in an enterprise IT environment.
Demonstrated ability to improve individual job skills through training, self-research, and self-study.
Knowledge of and ability to apply process improvement principles.
Ability to work in a dynamic work environment, handle ambiguity and maintain productivity.
Ability to communicate clearly and concisely, both verbally and in writing, active listening skills.
Ability to plan, organize and prioritize tasks and provide guidance to others.
Experience developing or enhancing existing technology security processes, or developing continuous controls monitoring processes.
Experience with infrastructure and digital vulnerability management, preferred.
Strong skills in Microsoft Word, Excel, and PowerPoint.
Strong knowledge of commonly used risk principles, practices, and concepts such as vulnerability management, threat assessment & modelling (e.g. STRIDE), and control effectiveness measurement.
Knowledge of developing process improvement models, preferred.
Knowledge of assessing, developing, or executing to a management framework such as ISO 27001, PCI & NIST CSF preferred.
Ability to use calibrated estimation or similar measurement models, preferred.
Retail solutions knowledge e.g. mobile apps, ePOS and other (preferred, not essential).
Starbucks is committed to building an inclusive and diverse workforce. All applicants and partners will be treated fairly, without regard to race, religion, sex, nationality, age, physical or mental disability, sexual orientation, marital status, gender identity and expression.