Principal Third Party Risk Analyst

8 - 13 years

5 - 8 Lacs

Posted: 4 hours ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

We are seeking a highly skilled and experienced Principal Third-Party Cybersecurity Risk Analyst to take end-to-end ownership of OneAdvanced's supplier cybersecurity risk management activities. This role is responsible for assessing, monitoring, and managing cybersecurity risks arising from third-party suppliers, ensuring they meet OneAdvanced's security, privacy, and resilience expectations.

You will independently perform and manage supplier cybersecurity assessments, review control environments, evaluate risk exposure, and provide clear, risk-based recommendations to internal stakeholders. You will also improve processes, enhance tooling (including the use of AI), and ensure strong risk governance across the supplier lifecycle.

If you have strong cybersecurity knowledge, deep assessment experience, and the ability to operate with high ownership and autonomy, this role offers a meaningful opportunity to strengthen OneAdvanced's supply-chain security posture.

What You Will Do


Supplier Cybersecurity Assessments

  • Conduct detailed cybersecurity assessments for new and existing suppliers based on their classification and inherent risk.
  • Review supplier evidence including SOC 2 reports, ISO 27001 certifications, penetration test results, data flows, architecture diagrams, cloud security configurations, and security policies.
  • Evaluate cybersecurity controls across key areas such as access management, encryption, monitoring, incident response, business continuity, and vulnerability management.
  • Document risks, observations, and required actions with clarity and accuracy.

Risk Governance & Exception Support

  • Maintain and update the supplier cybersecurity risk register, ensuring risks are tracked, monitored, and managed through their lifecycle.
  • Support the exception process by preparing well-reasoned, risk-based recommendations and identifying potential compensating controls.
  • Ensure consistency and adherence to ISO 27001, NIST CSF, GDPR, and internal security policies.

Execution of the TPRM Process

  • Manage all cybersecurity-related elements of the TPRM workflow, including RSQ/SAQ review, supplier classification, assessment execution, and remediation follow-up.
  • Ensure assessments are completed within agreed timelines while maintaining high quality and accuracy.
  • Coordinate with suppliers and internal stakeholders to obtain required information and progress reviews.

Continuous Improvement & AI Enablement

  • Improve assessment quality, efficiency, and consistency through updated templates, improved scoring methods, and streamlined review processes.
  • Leverage AI-enabled tools for evidence extraction, document review, control mapping, or supplier intelligence where applicable.
  • Contribute to the evolution of the TPRM methodology and the cybersecurity control library.

Collaboration & Stakeholder Engagement

  • Work closely with Procurement, Legal, Technology, and Business teams to embed supplier cybersecurity expectations into procurement and contracting activities.
  • Provide clear communication on assessment outcomes, risks, and mitigation actions.
  • Support security clause reviews and input to contract obligations when required.

Metrics, Monitoring & Reporting

  • Produce dashboards and reports to reflect supplier assessment progress, open risks, exceptions, and remediation status.
  • Identify trends or recurring issues across suppliers and provide insights for programme improvement.
  • Support updates to relevant governance forums when needed.

Awareness & Knowledge Sharing

  • Deliver internal awareness sessions on supplier cybersecurity expectations and TPRM processes.
  • Stay informed about emerging supply-chain threats, regulatory developments, and best practices.




What You Will Have


Skills and Experience

  • Minimum of 8 years in Third-Party Risk Management, cybersecurity assessment, audit, security assurance, or related roles.
  • Strong understanding of cybersecurity frameworks such as ISO 27001:2022, NIST CSF, SOC 2, GDPR, cloud security principles, and SaaS security controls.
  • Proven ability to review complex technical documents and extract meaningful risk insights.
  • Strong analytical ability with high attention to detail and structured documentation skills.
  • Ability to work autonomously, manage multiple assessments, and handle changing priorities.
  • Effective written and verbal communication suitable for cross-functional teams.

Preferred Qualifications

  • Bachelor's degree in Cybersecurity, Information Security, IT, Risk Management, or equivalent.
  • Certifications such as CRISC, CTPRP, CISA, CISSP, ISO 27001 Lead Auditor/Implementer are desirable.
  • Experience with AI-enabled assessment or automation tools is advantageous.

Behavioural Attributes

  • A balanced, risk-based mindset with the ability to make sound, well-reasoned decisions.
  • Logical thinking, problem-solving ability, and willingness to challenge assumptions where needed.
  • Commitment to continuous improvement and professional growth.
  • Collaborative, dependable, and able to build strong working relationships.




What We Do For You



  • Wellbeing focused

    Our people are our greatest assets, and ensuring everyone feels their best self to come to work is integral.
  • Annual Leave

    20 days of annual leave, plus public holidays
  • Employee Assistance Programme

    Free advice, support, and confidential counselling available 24/7.
  • Personal Growth

    - Regardless of where you are at in your career, we're committed to enabling your growth personally and professionally
    • Development Programmes

      From Future Managers to Leadership Training, our development programmes help you get where you need to go
    • Online Learning Platform: SkillsHub!

      - Learning at your fingertips, anytime from anywhere. You can access our online library with relevant content for your career growth.
  • Life Insurance

    - 3x annual salary
  • Personal Accident Insurance

    - providing cover in the event of serious injury/illness.
  • Performance Bonus

    Our Group-wide bonus scheme enables you to reap the rewards of your success




Who We Are



power the world of work

We invest in our brilliant people. They are at the heart of our success as we strive to be a diverse, inclusive and engaging place to work that not only powers the world of work, but empowers the growth, ambitions and talent of our people.

To learn more about working at OneAdvanced please click here
