Job Title: Third-Party Risk Management Lead Job Type: Full-Time Department: Cybersecurity Reports To: Head of Cybersecurity Job Summary The Third-Party Risk Management (TPRM) Lead is responsible for developing, implementing, and managing a comprehensive third-party risk management program. This role ensures that all external vendors, suppliers, and partners meet the organisation's cybersecurity, compliance, and operational risk standards. The role is mapped at Technical Leader Level 4C, reflecting its strategic importance, technical depth, and leadership in project and risk management. Key Responsibilities Lead the enhancement and execution of the third-party risk management framework in alignment with cybersecurity regulations, legal obligations, and business requirements. Conduct initial and ongoing risk assessments of third-party vendors, ensuring adherence to industry standards and internal policies. Develop and maintain continuous monitoring mechanisms for third-party risks, ensuring timely identification and remediation of issues. Perform in-depth IT risk assessments of suppliers by reviewing responses to cybersecurity questionnaires, documenting controls, and identifying gaps or inconsistencies. Collaborate with internal stakeholders to ensure third-party engagements align with the organisation's risk appetite and compliance requirements. Act as a subject matter expert and resource for colleagues with less experience in third-party risk and cybersecurity governance. Lead or contribute to projects related to third-party risk, ensuring delivery of high-quality outcomes within scope and timelines. Provide regular reporting and insights on third-party risk posture to senior management and relevant stakeholders. Job Mapping and Career Path Career Path Level: Technical Leader - Level 4C This role has been assessed as a Technical Leader based on the following criteria: General Profile: Requires in-depth technical and practical knowledge in cybersecurity risk management, with the ability to work independently and lead project components. Business Acumen: Understands best practices and how third-party risk integrates with broader business and cybersecurity strategies. Leadership: Acts as a resource for less experienced colleagues and may lead small-scale projects with manageable risks. Problem Solving: Solves complex problems using sound judgment and analysis of multiple data sources. Impact: Influences operational and project outcomes across teams, ensuring quality and timeliness of deliverables. Interpersonal Skills: Communicates complex or sensitive information effectively and works to build consensus across stakeholders. Required Qualifications and Experience Bachelor's or Master's degree in Cybersecurity, Risk Management, Business Information Systems, or a related field. Minimum 5 years of experience in third-party risk management, cybersecurity governance, or a related discipline. Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001), regulatory requirements, and risk management practices. Experience conducting supplier risk assessments and managing third-party risk programs. Excellent analytical, communication, and stakeholder engagement skills. Ability to work independently and manage multiple priorities in a dynamic environment. Skills: Cyber Security Reporting KPI's Risk Management Benefits: Free transport