Third‑party risk manager

Cheltenham
Spirax Group
Risk manager
Posted: 13h ago
Offer description

Location: Cheltenham, Gloucestershire (hybrid working)

We are seeking an experienced Third-Party Risk Manager to build, mature, and operationalise our organisation's Third-Party Risk Management (TPRM) capability. This is a key role responsible for establishing a strong TPRM foundation and embedding structured processes, tooling, governance, and reporting across the supplier lifecycle.

As the Third-Party Risk Manager, you will design and implement a scalable framework that enhances visibility, reduces exposure to supplier-related risks, and drives continuous improvement across the organisation.

Key Responsibilities

Build and mature the organisation's Third-Party Risk Management Framework.
Develop a foundational TPRM framework aligned with NIST, ISO 27001, NIST SP 800-53/161, and internal security policies.
Define roadmap milestones to progress from ad hoc practices to structured, repeatable processes.
Establish scalable lifecycle processes for onboarding assessments, risk categorisation, assurance reviews, and continuous monitoring.
Support alignment with internal policies, including the Supplier Management Security Policy and Group Information Security Policy.
Lead security risk assessments for new and existing suppliers.
Implement supplier profiling and RAG tiering methodologies.
Document, communicate, and track supplier remediation and mitigation plans.
Establish mechanisms for ongoing assurance such as periodic reviews, evidence collection, and monitoring alerts.
Maintain a centralised supplier inventory and coordinate with procurement, contracting, IT, and business teams.
Develop KPIs and KRIs for third-party risk and support quarterly reporting cycles.
Identify gaps in current processes and recommend improvements to strengthen TPRM practices.
Contribute to the creation of standardised assessment templates, processes, and communication workflows.
Partner with Procurement, Legal, IT, Finance, and business units to embed TPRM requirements across operations.
Provide training, guidance, and awareness sessions to enhance understanding of third-party risks.
Offer expert consultation during supplier selection, contract negotiations, and incident response activities.

Your Experience

5+ years in information security, assurance, TPRM, compliance, or audit.
2+ years in a dedicated Third-Party Risk Management role.
Strong working knowledge of ISO 27001, NIST CSF, NIST SP 800-53/161, CIS Controls, SCF, GDPR, cloud security, and supplier risk.
Experience conducting supplier assessments, reviewing security questionnaires, and managing remediation.
Hands-on experience in cybersecurity, information security risk, compliance, or vendor oversight.
Familiarity with supplier assurance methodologies and recognised risk frameworks.
Experience with GRC or TPRM platforms such as TeamMate, LogicGate, OneTrust, or AuditBoard.

Your Skills

Relevant certifications such as CISM, CRISC, CompTIA+, ISO 27001 Lead Auditor/Implementer, or CISA are desirable.
Ability to engage, challenge, negotiate, and influence stakeholders at all levels.
Strong analytical skills with excellent attention to detail.
Able to work independently, prioritise effectively, and adapt in a fast-moving environment.
Confident communicator with the ability to simplify complex concepts.
Proactive, curious, and committed to continuous learning.

Spirax Group is a FTSE100 and FTSE4Good multi-national industrial engineering Group with expertise in the control and management of steam, electric thermal solutions, peristaltic pumping and associated fluid technologies.

Our Purpose is to create sustainable value for all our stakeholders as we engineer a more efficient, safer and sustainable world. Our technologies play an essential role in critical industrial processes and industrial equipment across industries as diverse as Food & Beverage, Pharmaceutical & Biotechnology, Power Generation, Semiconductors and Healthcare. With customers in 165 countries, we provide the solutions that sit behind the production of many items used in daily life, from baked beans to mobile phones.

Our Purpose, supported by our inclusive culture and Values, unites us, guides our decisions and inspires us everywhere that we operate. We support our colleagues to make their difference for each other as well as customers, communities, suppliers, our planet and shareholders by creating a truly equitable working environment where everyone feels included.

Benefits

You will receive a competitive salary (and a discretionary bonus), flexible working and excellent benefits including 27 days holiday allowance (before bank holidays), 3 days' paid volunteering leave, comprehensive private healthcare, enhanced pension plan, life assurance, optional participation in a Share Ownership Plan, free onsite parking, flexible benefits, and access to a personal discounts portal. We also offer a range of additional support and benefits through our Everyone is Included Group Inclusion Plan, detailed below.

Everyone is Included at Spirax Group

We are passionate about creating inclusive and equitable working cultures where everyone can be themselves and achieve their full potential. For us, that means supportive teams and strong relationships where everyone's contribution is valued - across social and cultural backgrounds, ethnicities, ages, genders, gender identities, abilities, neurodiversity, sexual orientation, religious beliefs, and everything else that makes us human and unique.

We want everyone to be able to make their difference here, so we will always consider requests for flexible working.

We know that everyone needs some extra help from time to time too, so we have introduced a range of additional benefits through our Group Inclusion Commitments. These include gender-neutral parental leave, 15 days of extra paid caregiver leave, paid time off and support for anyone experiencing pregnancy loss or domestic abuse, menopause-friendly workplace principles and more. Learn more at .

We are also a Disability Confident Committed Employer. If you would like to apply using this scheme, please select this option in our application form or notify our recruitment partners.
