Salary: £? - ? per year Requirements: Proven experience in Information Security and Governance, Risk and Compliance (GRC) Experience managing the full lifecycle of Third-Party Risk Management (TPRM) systems Strong understanding of supplier risk assessments, audit processes, and security controls Experience with deployment and tailoring systems within a business is desirable Confident stakeholder engagement and communication skills Ability to work onsite 2 to 3 days per week Responsibilities: Own and support the end-to-end Third-Party Risk Management (TPRM) lifecycle Conduct supplier due diligence and risk assessments Review security controls, contractual clauses, and exit strategies Support continuous monitoring and supplier assurance activities Assist with internal and external technology audits Coordinate audit evidence, remediation tracking, and management responses Produce risk reporting, dashboards, and stakeholder updates Technologies: Support Security More: We are looking for an experienced Information Security Analyst to join us on a 6-month contract outside IR35. In this role, we will rely on you to own the end-to-end onboarding of a new third-party risk management tool and support wider technology risk activities across our estate. You will work closely with stakeholders across the business, with an onsite requirement of 2 to 3 days per week. last updated 22 week of 2026