Third Party Security Lead

As the Third-Party Security Risk Lead, you will be part of the Information Security team, focused on establishing and managing a Third-Party Security Risk Management program. Your role involves monitoring third-party relationships and mitigating associated risks. This position requires experience in Information Security, particularly in measuring and managing third-party risk activities.

The role is based in Reading, reporting directly to the Head of Governance, Risk and Compliance. You will contribute to developing a robust third-party security risk management program, requiring independence, a proactive approach, and accountability.

1. Develop and implement the Third-Party Security Risk Management Strategy, standards, and procedures.
2. Conduct regular security reviews and audits of third-party relationships for compliance and risk mitigation.
3. Collaborate with procurement, legal, and commercial teams to integrate risk management into internal processes.
4. Support onboarding and offboarding of third parties, ensuring adherence to policies and regulations.
5. Monitor and report on the effectiveness of the risk management program to senior management.
6. Provide guidance throughout the third-party lifecycle, from selection to termination.

Reading – Hybrid (occasional travel). Full-time, 36 hours/week.

Essential Experience:

• Proven ability in Third-Party Security Risk Management.
• Understanding of information and cybersecurity risks.
• Experience collaborating with procurement, legal, and commercial teams.
• Excellent communication skills with strong business acumen.

Skills & Qualifications:

• Designing and deploying third-party security risk capabilities.
• Over 5 years in IT risk management.
• Effective stakeholder communication skills.
• Experience delivering third-party risk solutions.

Desirable:

• Experience in Cyber Security or Information Security.

• Reports to CISO (Security Operations, Architecture, Governance, Cyber Security Program, Resilience).
• Interacts with CIO and related teams, key business stakeholders, and service owners.

• Competitive salary up to £62,000.
• 26 days holiday, increasing to 30 with service, plus bank holidays.
• Generous pension scheme.
• Health and wellbeing benefits, including health MOTs, physiotherapy, counselling, Cycle to Work, vouchers, and life assurance.