Risk Analyst (Third‑Party Risk Management)
Contract | Inside IR35 | UK Remote (occasional Leeds)
Industry: Retail / Manufacturing
Rate: £500 - £600/day (Inside IR35)
Duration: Initial 3 months
Overview
We're working with a global retail and manufacturing organisation to hire a TPRM Analyst into their Information Security Risk function. This role supports the assessment and ongoing monitoring of a large third‑party vendor estate, helping ensure external suppliers meet required cyber‑security, compliance, and risk standards.
This is a hands‑on, analyst role, well suited to someone with practical experience running vendor due‑diligence processes and working directly with third parties to address cyber and information‑security risks.
Key Responsibilities
Vendor Due Diligence & Assessment
1. Support the execution of the vendor due‑diligence process across the full vendor lifecycle
2. Issue, track, and review vendor security questionnaires covering security, privacy, and compliance
3. Review and analyse security documentation, including SOC reports, ISO 27001 certifications, and other assurance evidence
4. Use TPRM and security‑monitoring tools to assess vendor security posture and risk exposure
Risk Identification & Remediation
1. Identify, document, and track risks arising from third‑party engagements
2. Work with vendors and internal stakeholders to drive remediation of identified issues
3. Support risk acceptance and escalation processes where appropriate
Stakeholder Engagement
1. Collaborate with Information Security, IT, Legal, and Procurement teams
2. Communicate risk findings clearly to both technical and non‑technical stakeholders
Compliance & Governance
1. Ensure alignment with internal information‑security policies and third‑party risk standards
2. Support reporting, metrics, and KPI tracking across the TPRM programme
Contract & Regulatory Support
1. Assist with security reviews of supplier contracts to ensure appropriate clauses are in place
2. Support vendor assessments linked to Authorised Economic Operator (AEO) compliance
Skills & Experience
1. Understanding of, or experience with, third-party risk management, information security, and IT risk frameworks.
2. Familiarity with vendor assessment processes and security/compliance standards (e.g. ISO 27001, SOC 2, Cyber Essentials).
3. Experience with TPRM or security posture monitoring tools is desirable.
4. Experience reviewing security documentation and audit reports is desirable.
5. Ability to manage multiple stakeholders and priorities effectively.
6. Good communication skills, with the ability to translate technical findings into business context.
Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy.