col-wideJob Description:
**Ryanair Holdings plc, Europe's largest airline group, is the parent company of Buzz, Lauda, Malta Air & Ryanair DAC. Carrying over 154 m guests p.a. on more than 2,400 daily flights from 82 bases, the group connects over 200 destinations in 40 countries on a fleet of over 475 aircraft, with a further 210 Boeing 737's on order, which will enable the Ryanair Group to lower fares and grow traffic to 200m p.a. by FY24. Ryanair has a team of over 19,000 highly skilled aviation professionals delivering Europe's No.1 on-time performance, and an industry leading 34-year safety record. Ryanair is Europe's greenest cleanest airline group and customers switching to fly Ryanair can reduce their CO2 emissions by up to 50% compared to the other Big 4 EU major airlines.**
**Ryanair Labs **is the technology brand of Ryanair, a tech start up within a legacy airline. Our digital hubs are located in Dublin, Madrid, and Wroclaw and our newest location, Portugal. With big plans to digitally revolutionise the travel industry, Ryanair Labs has embarked on its mission to become the Amazon of Travel with an encompassing Trip's platform.
We believe in an hybrid working model, you can work up t**o three days per week remote, **but you are also going to enjoy the excellent work environment at our modern offices in the heart of Madrid.
**The Role**
Third Party Risk Management Senior Analyst will oversee the communications, monitoring, and quality review of required monitoring activities for active and prospective 3rd party vendor services.
- Manage Third Party Risk Management Program to develop, enhance and implement program and provide oversight and governance of it.
- Performing the vendor risk assessment process including the review and scoring of risk questionnaires and completing the overall risk assessment.
- Ensure that all requests for new supplier engagements are handled properly and efficiently by all participants in the process and according to policy and procedures.
- Supports the development and maintenance of a master vendor list including data cleansing, validation and de-duplication.
- Reporting and monitoring of vendor risk; including data collection and analysis, periodic ongoing reporting and monitoring.
- Ensure that potential issues are raised promptly to senior management with a view to identify options to mitigate risk.
- Supports business relationships with the vendors and internal stakeholders to ensure successful vendor assessment programme.
- Ensures alignment of the programme with compliance requirements - PCI, GDPR.
- Assist with aligning vendor controls to show how they are mitigating information security risk.
- Understands technical implementation details necessary to identify and assess vendor security risks and recommend mitigating controls.
- Work with the Information Security Technical teams to communicate technical risk to the business leaders.
- Collaborate with other participants in the vendor review process to seek out opportunities for improved coordination, process improvements and other operational efficiencies.
- Prepare for and manage reviews of the Program by internal audit, external auditors, regulators, and others.
**Requirements**:
- 2+ years of experience in either Third Party Risk Management, Information Security Risk Management, Compliance. Cyber Security background would be an asset.
- Proven experience with data administration and analysis.
- Preferable certifications: CISA, CISSP, CISM.
- Experience with industry standard security frameworks such as NIST, ISO, COBIT.
- Knowledge of OneTrust, JIRA and ServiceNow is an advantage.
- Strategic mindset and capability in problem solving, simplification, efficiency.
- Excellent communication skills, oral and written.
- Fluent English.
**Benefits**
The work that you do will be seen by the millions of customers across Europe!
Our offer:
- Contract of employment (permanent after trial period)
- Hybrid home office (3 days weekly)
- Flight tickets discounts from day one
- Possibility to taking part in conferences, trainings and courses
- Annual events (i.e. St. Patrick's Day )
- Regular social meetings
- Paid referral system
