Third Party Risk Manager - Belfast (Hybrid, Outside IR35) - £500 per day - 3 Months
We are seeking an experienced Third Party Risk Manager to oversee and enhance third-party cybersecurity and compliance practices across the enterprise. This critical role involves managing supplier risk assessments, ensuring regulatory alignment, and collaborating with cross-functional teams to maintain a robust and transparent third-party risk management framework.
Key Responsibilities:
* Maintain and evolve the Third-Party Risk Register, mapping vendors to business criticality, data access, and overall risk exposure.
* Conduct pre-contract due diligence and ongoing risk assessments for suppliers, service providers, and strategic partners.
* Review and negotiate security and data protection clauses within contracts, including breach notification, encryption, and audit rights.
* Monitor vendor compliance with SLAs, security standards, and regulatory obligations, escalating non-conformance where required.
* Coordinate third-party incident response and escalation procedures, ensuring prompt remediation and communication.
* Produce regular reporting on third-party risk posture for governance committees, senior stakeholders, and regulators.
* Align third-party risk practices with broader enterprise risk management and cybersecurity frameworks.
What You Will Ideally Bring:
* Deep understanding of regulatory frameworks, including NIS2, GDPR, ISO 27001, and sector-specific compliance obligations (e.g., energy).
* Proven experience with vendor risk management frameworks such as SIG questionnaires, NIST SP 800-161, and third-party risk scoring methodologies.
* Strong background in contractual and SLA analysis, particularly around security clauses, data protection, and breach management.
* Hands-on experience conducting due diligence, risk profiling, and control validation for third parties.
* Familiarity with third-party risk platforms such as OneTrust, ProcessUnity, or Archer TPRM.
Contract Details:
* Duration: 3 months (with potential for extension)
* Day Rate: Up to £500 per day (Outside IR35)
* Location: Belfast (Hybrid - 3 days onsite/2 days remote)
* Start Date: ASAP
* Travel: Occasional travel to Belfast as required