Risk Manager (Third Party & Supply Chain)

We are AMS. We are a global total workforce solutions firm; we enable organisations to thrive in an age of constant change by building, re-shaping, and optimising workforces. Our Contingent Workforce Solutions (CWS) is one of our service offerings; we act as an extension of our clients' recruitment team and provide professional interim and temporary resources.

Evelyn Partners is the UK's leading integrated wealth management and professional services group, with over 186 years of experience in helping generations of people and businesses to thrive. We offer an extensive range of financial and professional services to individuals, family trusts, professional intermediaries, charities and businesses.

On behalf of Evelyn Partners, AMS are looking for a Risk Manager (Third Party & Supply Chain) for a 6-month contract based in Liverpool (Hybrid).

Purpose of the Role:

Evelyn Partners seeks an experienced information security risk professional with expertise in security compliance and assurance, ISO 27001 implementation, PMO (project management office), risk assessments, supply chain, and governance, risk, and compliance projects. The Risk Manager will verify that third parties meet security requirements, implement risk mitigations, and coordinate with stakeholders to ensure proper risk treatment. They will also be involved in the PMO and governance processes, delivering updates to senior management and security forums, ensuring compliance with regulatory frameworks and standards.

Key Responsibilities:

• Conduct due diligence and security risk assessments on suppliers and third parties.
• Evaluate vendor security using evidence-based assessments (e.g., SOC 2, ISO 27001, penetration tests).
• Ensure third parties meet security standards and address gaps identified.
• Maintain current understanding of supply chain risks and emerging threats.
• Support incident response planning related to supply chain risks.
• Assist in ISO 27001, Cyber Essentials, and NIST CSF compliance programs.
• Communicate security risks effectively to stakeholders and document findings.

Required Skills & Experience:

• Proven experience in Information Security, especially third-party risk, supply chain assurance, governance, risk, and compliance.
• Knowledge of ISO 27001, Cyber Essentials, and NIST CSF standards.
• Experience reviewing SOC 2 Type II, ISO 27001 certifications, and other assurance artifacts.
• Ability to analyze technical and procedural controls.
• Experience responding to audits, regulatory requests, and supporting due diligence.
• Strong communication skills for engaging non-technical stakeholders.
• Ability to manage multiple assessments and projects proactively.

About the Client:

We provide award-winning services, employing the best people to help clients thrive. Our mission is to democratize access to good advice, regardless of financial background. As a high-growth organization, we offer personal development opportunities within an empowering environment that encourages change. Our collaborative culture supports autonomy and partnership across the organization.

Next Steps:

This role requires working via an Umbrella or PAYE engagement model. If interested and qualified, please apply through the provided link. We will contact you with updates.

AMS operates as an Employment Agency or Employment Business in the delivery of its services.