Contract | Inside IR35 | UK Remote (occasional Leeds)
Industry: Retail / Manufacturing
Duration: Initial 3 months
Overview
We’re working with a global retail and manufacturing organisation to hire a TPRM Analyst into their Information Security Risk function. This role supports the assessment and ongoing monitoring of a large third‑party vendor estate, helping ensure external suppliers meet required cyber‑security, compliance, and risk standards.
This is a hands‑on, analyst role, well suited to someone with practical experience running vendor due‑diligence processes and working directly with third parties to address cyber and information‑security risks.
Key Responsibilities
Vendor Due Diligence & Assessment
* Support the execution of the vendor due‑diligence process across the full vendor lifecycle
* Issue, track, and review vendor security questionnaires covering security, privacy, and compliance
* Review and analyse security documentation, including SOC reports, ISO 27001 certifications, and other assurance evidence
* Use TPRM and security‑monitoring tools to assess vendor security posture and risk exposure
* Identify, document, and track risks arising from third‑party engagements
* Work with vendors and internal stakeholders to drive remediation of identified issues
* Support risk acceptance and escalation processes where appropriate
Stakeholder Engagement
* Collaborate with Information Security, IT, Legal, and Procurement teams
* Communicate risk findings clearly to both technical and non‑technical stakeholders
Compliance & Governance
* Ensure alignment with internal information‑security policies and third‑party risk standards
* Support reporting, metrics, and KPI tracking across the TPRM programme
Contract & Regulatory Support
* Assist with security reviews of supplier contracts to ensure appropriate clauses are in place
* Support vendor assessments linked to Authorised Economic Operator (AEO) compliance
Skills & Experience
* Understanding of, or experience with, third‑party risk management, information security, and IT risk frameworks
* Familiarity with vendor assessment processes and security/compliance standards (e.g. ISO 27001, SOC 2, Cyber Essentials)
* Experience with TPRM or security posture monitoring tools is desirable
* Experience reviewing security documentation and audit reports is desirable
* Ability to manage multiple stakeholders and priorities effectively
* Good communication skills, with the ability to translate technical findings into business context