InfoSec Third Party Assurance Specialist

InfoSec Third Party Assurance Specialist

London , United Kingdom

Full-time

Legal

We’re the world’s leading sports technology company, at the intersection between sports, media, and betting. More than 1,700 sports federations, media outlets, betting operators, and consumer platforms across 120 countries rely on our know-how and technology to boost their business.

Sport connects us—across borders, time zones, and cultures. At Sportradar, we use that connection to drive technology forward. Our Information Security Governance, Risk, and Compliance (GRC) team is foundational in safeguarding the integrity and resilience of our operations.

We are looking for an InfoSec Third Party Assurance Specialist to assist in conducting cyber risk assessments of third-party technology suppliers, ensure adherence to security policies, and support the identification and record risks. If you’re passionate about ensuring the security posture of vendors and enabling secure business growth at scale, this role is for you.

THE CHALLENGE:

As an InfoSec Third Party Audit Specialist, you will:

• Conduct security risk assessments on third-party vendors, review SOC reports, and evaluate technical and non-technical controls.
• Maintain and enhance TPRM documentation, including policies, workflows, and assessment templates aligned with ISO/IEC 27001, NIST, and other relevant standards.
• Track and manage third-party risks through to remediation, working directly with vendors and internal stakeholders.
• Contribute to the broader ISMS (Information Security Management System) and support internal risk, compliance, and audit activities.
• Participate in governance initiatives, including regulatory compliance efforts, awareness campaigns, and cross-functional risk assessments.
• Support the wider GRC team with reporting, metrics, and stakeholder communications.

YOUR PROFILE:

• 3–5 years of experience in third-party/vendor risk management, preferably within an information security, risk, or compliance team.
• Strong working knowledge of information security standards and frameworks such as ISO/IEC 27001, SOC 2, NIST CSF, or SIG.
• Familiarity with technology systems, infrastructure, and related security controls.
• Experience conducting vendor risk assessments, including reviewing SOC 2 reports and security questionnaires.
• Familiarity with GRC platforms and tools used for third-party or enterprise risk management.
• Understanding of contractual and regulatory requirements around third-party risk (e.g., GDPR, DORA, or other industry-specific regulations).
• Bonus: Hands-on involvement in broader GRC functions like ISMS maintenance or Business Continuity Management (BCM).
• Preferred certifications: CISA, CRISC, CISSP, or similar.