Third Party Security Consultant

To assess and manage the security risks associated with third‑party vendors by ensuring that products and services meet agreed standards, whilst considering the risk position of third parties and their inherent risk.

• Execution of risk assessments and security audits of third‑party providers to assess their security posture, compliance with regulatory requirements and incident history, and communicate key findings to the relevant stakeholders.
• Identification of emerging security threats, active techniques, and third‑party vendor security best practice by collaborating at industry events and training programmes to share knowledge and expertise.
• Management of vendor onboarding/offboarding processes, including security and technology assessments, contractual negotiation procedures and risk mitigation measures, considering security policies, technical controls and procurement.
• Coordinate with third‑party vendors to foster collaboration, promote security best practice, address security incidents and share incident information.

• To advise and influence decision making, contribute to policy development and take responsibility for operational effectiveness. Collaborate closely with other functions/business divisions.
• Lead a team performing complex tasks, using well‑developed professional knowledge and skills to deliver on work that impacts the whole business function. Set objectives, coach employees in pursuit of those objectives, appraise performance relative to objectives and determine reward outcomes.
• If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.
• OR for an individual contributor, they will lead collaborative assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments, and identify new directions for assignments and/or projects, combining cross‑functional methodologies or practices to meet required outcomes.
• Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues.
• Identify ways to mitigate risk and develop new policies/procedures in support of the control and governance agenda.
• Take ownership for managing risk and strengthening controls in relation to the work done.
• Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub‑function.
• Collaborate with other areas of work, for business‑aligned support areas to keep up to speed with business activity and the business strategy.
• Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practices (in other areas, teams, companies, etc.) to solve problems creatively and effectively.
• Communicate complex information. ‘Complex’ information could include sensitive information or information that is difficult to communicate because of its content or audience.
• Influence or convince stakeholders to achieve outcomes.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.

Join us as a Third Party Security Consultant at Barclays. Are you ready to lead the charge in safeguarding Barclays and its partners? As a Third Party Risk Management Specialist, you'll be at the heart of our mission to protect the bank's digital ecosystem. Your expertise will drive smarter risk decisions, foster trusted relationships, and ensure our third‑party suppliers meet the highest standards of cybersecurity. A little bit about what you'll do: conduct reviews and assessments against recognised frameworks (e.g., ISO27001, NIST), ensuring third parties meet Barclays' Supplier Control Obligations, build and maintain strong relationships with internal and external partners, act as a trusted advisor on third‑party security matters, analyse complex data sets and management information (MI) to inform risk decisions and support continuous improvement, and deliver clear, concise presentations and reports to both technical and non‑technical audiences.

• Proven experience in third‑party risk management, cyber, or information security, augmented by internal training and mentoring.
• Strong background in conducting risk assessments, audits, or assurance activities ideally with ISO27001 or similar frameworks.
• Excellent communication and stakeholder management skills.
• Analytical mindset with the ability to interpret and present complex data.
• Foreign language skills in French, German or Japanese.
• Experience delivering impactful presentations to diverse audiences.
• Strategic thinking and business acumen.
• Awareness of digital and technology trends shaping the future of cybersecurity.

You may be assessed on key critical skills relevant for success in the role, such as risk and controls, change and transformation, business acumen, strategic thinking and digital and technology, as well as job‑specific technical skills.