Third Party Risk Manager

Join to apply for the Third Party Risk Manager role at TieTalent

1 day ago Be among the first 25 applicants

Join to apply for the Third Party Risk Manager role at TieTalent

Get AI-powered advice on this job and more exclusive features.

Ideas | People | Trust

About

Ideas | People | Trust

We’re BDO. An accountancy and business advisory firm, providing the advice and solutions entrepreneurial organisations need to navigate today’s changing world.

We work with the companies that are Britain’s economic engine – ambitious, entrepreneurially-spirited and high‑growth businesses that fuel the economy – and directly advise the owners and management teams leading them.

We’ll broaden your horizons

The Quality and Risk Management Team (QRM) provides leadership, guidance, and tools to help partners and staff manage quality and risk matters. The team is comprised of an Advisory and Compliance Team, a Chief Information Security Office Team, an Economic Crime Team, a Legal Team including a Commercial & Contracts Team, the Independence and Ethics Team and the Regulatory Supervisory Team, plus the Quality Monitoring Team. The team works closely with the firm’s Technical Standards Group and the firm’s leadership.

We’ll help you succeed

Leading organisations trust us because of the quality of our advice. That quality grows from a thorough understanding of their business, and that understanding comes from working closely with them and building long-lasting relationships.

You’ll be someone who is both comfortable working proactively and managing your own tasks, as well as confident collaborating with others and communicating regularly with senior managers, directors, and BDO’s partners to help businesses effectively. You’ll be encouraged to identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with.

Role Purpose

The Third Party Risk Manager is responsible for implementation of the BDO third party security framework. This includes assessing the information security risks of our 3rd parties, by evaluating the 3rd parties' security controls and ensuring supplier and supply chain information security risks to BDO and BDO client services are identified, assessed and managed.

This role reports to the Information Security Manager.

Principal Accountabilities

• Leads in the execution and continuous improvement of the information security supply chain framework, which includes ensuring that security controls are implemented within the supply chain lifecycle at BDO
• Co-ordinates the BDO supplier and supply chain information security due supplier risk assessment framework and due diligence procedure and delivery of service to stakeholders
• Supports risk-based planning for supplier information security due diligence and risk assessment activities
• Partners with procurement, contract management and other key stakeholders to ensure the end-to-end third-party processes consider information security
• Coordinates the gathering of vendor risk assessment data and prepares risk assessments for vendors as needed, to be published and communicated to stakeholders
• Understands and applies relevant regulatory and legal compliance requirements
• Assesses vendor risks against BDO contractual requirements and controls
• Assess third party vendor regulatory compliance
• Conduct due diligence and assessments of third-party security controls and posture
• Coordinates the identification and ranking of vendor risks
• Coordinates the classification and tiering of vendors by risks and risk impacts
• Communicates identified risk requirements to internal stakeholders
• Builds communication and escalation plans around vendor risk management activities
• Ensures that vendor remediation actions, mitigation and contingency plans are identified and communicated to business owners
• Tracks identified risks and risk events through the supplier lifecycle
• Maintain required activity and risk metrics and other data
• Report on activities related to third party supplier assurance as required
• Collate, analyse, and track evidence provided and gathered via direct and indirect external sources to understand information security supply chain risk
• Supports review and continual improvement of information security supplier due diligence and risk assessment procedures
• Together with legal, develop and maintain a set of security contractual clauses and service level agreements
  
  

Knowledge And Experience

• Demonstrable experience with supplier and supply chain due diligence frameworks, procedures, data gathering and information security risk and controls assessment
• Experience of supplier information security risk management at all stages of the supplier lifecycle from procurement, contracting, on-boarding, contract management and off-boarding
• Experience with business service, system and data architectures
• Experience of information security audit and assurance
• Familiarity with formal information security frameworks and certifications such as SOC 2, ISO27001, CE+, CIS top 20, OWASP
• Experience with contract review of information security schedules and terms
• Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience.
• Excellent stakeholder engagement and management experience and skills with the ability to understand complex business structures and services and to advise senior stakeholders on information security risks, mitigations and management strategies
• Self-motivated with keen attention to detail
• Have a relevant industry certification such as CISSP, CISM, CRISC or equivalent
  
  

NB: The above list of job duties is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and grading of the post. Job descriptions should be regularly reviewed to ensure they are an accurate representation of the post.

You’ll be able to be yourself; we’ll recognise and value you for who you are and celebrate and reward your contributions to our business. We’re committed to agile working, and we offer everyone the opportunity to work in ways that suit them, their teams, and the task at hand.

At BDO, we’ll help you achieve your personal goals and career ambitions, and we have programmes, resources, and frameworks that provide clarity and structure around career development.

We’re in it together

Mutual support and respect is one of BDO’s core values and we’re proud of our distinctive, people-centred culture. From informal success conversations to formal mentoring and coaching, we’ll support you at every stage in your career, whatever your personal and professional needs.

Our agile working framework helps us stay connected, bringing teams together where and when it counts so they can share ideas and help one another. At BDO, you’ll always have access to the people and resources you need to do your best work.

We know that collaboration is the key to creating value and satisfying experiences at work, so we’ve invested in state-of-the-art collaboration spaces in our offices. BDO’s people represent a wealth of knowledge and expertise, and we’ll encourage you to build your network, work alongside others, and share your skills and experiences. With a range of multidisciplinary events and dedicated resources, you’ll never stop learning at BDO.

We’re looking forward to the future

At BDO, we help entrepreneurial businesses to succeed, fuelling the UK economy.

Our success is powered by our people, which is why we’re always finding new ways to invest in you. Across the UK thousands of unique minds continue to come together to help companies we work with to achieve their ambitions.

We’ve got a clear purpose, and we’re confident in our future, because we’re adapting and evolving to build on our strengths, ensuring we continue to find the right combination of global reach, integrity and expertise. We shape the future together with openness and clarity, because we believe in empowering people to think creatively about how we can do things better.

#TJ-SS3

Nice-to-have skills

• Information Security
• CISSP
• London, England
  
  

Work experience

• Cyber Security Specialist
• Security Analyst
  
  

Languages

• English
  
  

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Finance and Sales
• Industries
  Technology, Information and Internet

Referrals increase your chances of interviewing at TieTalent by 2x

Get notified about new Risk Manager jobs in London, England, United Kingdom.

London, England, United Kingdom 2 weeks ago

London, England, United Kingdom 19 hours ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 3 weeks ago

London, England, United Kingdom 1 month ago

London, England, United Kingdom 2 months ago

London, England, United Kingdom 4 weeks ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 1 day ago

London, England, United Kingdom 2 weeks ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 1 week ago

City Of London, England, United Kingdom £80,000.00-£90,000.00 3 weeks ago

London, England, United Kingdom 2 months ago

London, England, United Kingdom 3 months ago

London, England, United Kingdom 1 month ago

London, England, United Kingdom 2 weeks ago

Staines-Upon-Thames, England, United Kingdom 3 weeks ago

City Of London, England, United Kingdom £70,000.00-£85,000.00 1 week ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 1 week ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.